git: 7a292504bad8 - main - __acl_get_fd(2), __acl_aclcheck_fd(2): enable for O_PATH filedescriptors

From: Konstantin Belousov <kib_at_FreeBSD.org>
Date: Tue, 30 May 2023 06:02:49 UTC
The branch main has been updated by kib:

URL: https://cgit.FreeBSD.org/src/commit/?id=7a292504bad8467915f072f0576b2a07c76de1f5

commit 7a292504bad8467915f072f0576b2a07c76de1f5
Author:     Konstantin Belousov <kib@FreeBSD.org>
AuthorDate: 2023-05-29 15:07:18 +0000
Commit:     Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2023-05-30 05:53:56 +0000

    __acl_get_fd(2), __acl_aclcheck_fd(2): enable for O_PATH filedescriptors
    
    PR:     271704
    Reported by:    Peter Eriksson  <pen@lysator.liu.se>
    Reviewed by:    markj
    Sponsored by:   The FreeBSD Foundation
    MFC after:      1 week
    Differential revision:  https://reviews.freebsd.org/D40318
---
 lib/libc/sys/open.2 | 3 ++-
 sys/kern/vfs_acl.c  | 4 ++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/lib/libc/sys/open.2 b/lib/libc/sys/open.2
index 574b6b136d39..232226a00ae6 100644
--- a/lib/libc/sys/open.2
+++ b/lib/libc/sys/open.2
@@ -28,7 +28,7 @@
 .\"     @(#)open.2	8.2 (Berkeley) 11/16/93
 .\" $FreeBSD$
 .\"
-.Dd March 2, 2023
+.Dd May 29, 2023
 .Dt OPEN 2
 .Os
 .Sh NAME
@@ -344,6 +344,7 @@ message
 using for
 .Dv EVFILT_VNODE
 .It Xr readlinkat 2
+.It Xr __acl_get_fd 2 , Xr __alc_aclcheck_fd 2
 .El
 But operations like
 .Xr read 2 ,
diff --git a/sys/kern/vfs_acl.c b/sys/kern/vfs_acl.c
index 927005e6d452..1e8122cb68c1 100644
--- a/sys/kern/vfs_acl.c
+++ b/sys/kern/vfs_acl.c
@@ -436,7 +436,7 @@ sys___acl_get_fd(struct thread *td, struct __acl_get_fd_args *uap)
 	int error;
 
 	AUDIT_ARG_FD(uap->filedes);
-	error = getvnode(td, uap->filedes,
+	error = getvnode_path(td, uap->filedes,
 	    cap_rights_init_one(&rights, CAP_ACL_GET), &fp);
 	if (error == 0) {
 		error = vacl_get_acl(td, fp->f_vnode, uap->type, uap->aclp);
@@ -570,7 +570,7 @@ sys___acl_aclcheck_fd(struct thread *td, struct __acl_aclcheck_fd_args *uap)
 	int error;
 
 	AUDIT_ARG_FD(uap->filedes);
-	error = getvnode(td, uap->filedes,
+	error = getvnode_path(td, uap->filedes,
 	    cap_rights_init_one(&rights, CAP_ACL_CHECK), &fp);
 	if (error == 0) {
 		error = vacl_aclcheck(td, fp->f_vnode, uap->type, uap->aclp);