git: a570fe4d0dd9 - main - open(2): describe *at behavior for dirfd opened without O_SEARCH

From: Konstantin Belousov <kib_at_FreeBSD.org>
Date: Mon, 29 Jan 2024 21:40:10 UTC
The branch main has been updated by kib:

URL: https://cgit.FreeBSD.org/src/commit/?id=a570fe4d0dd979ce099374259ffc45d56ae4e471

commit a570fe4d0dd979ce099374259ffc45d56ae4e471
Author:     Konstantin Belousov <kib@FreeBSD.org>
AuthorDate: 2024-01-29 17:54:32 +0000
Commit:     Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2024-01-29 21:38:48 +0000

    open(2): describe *at behavior for dirfd opened without O_SEARCH
    
    and move the BUGS paragraph about dirfd permissions into STANDARDS
    section, noting that we provide POSIX-mandated implementation.
    
    Reviewed by:    emaste, kevans
    Sponsored by:   The FreeBSD Foundation
    MFC after:      3 days
    Differential revision:  https://reviews.freebsd.org/D43652
---
 lib/libc/sys/open.2 | 36 ++++++++++++++++++++++++------------
 1 file changed, 24 insertions(+), 12 deletions(-)

diff --git a/lib/libc/sys/open.2 b/lib/libc/sys/open.2
index a6859a6c4931..383dd58b2a31 100644
--- a/lib/libc/sys/open.2
+++ b/lib/libc/sys/open.2
@@ -25,7 +25,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd May 29, 2023
+.Dd January 29, 2024
 .Dt OPEN 2
 .Os
 .Sh NAME
@@ -314,6 +314,12 @@ may not be used for any read operations like
 The primary use for this descriptor will be as the lookup descriptor for the
 .Fn *at
 family of functions.
+If
+.Dv O_SEARCH
+was not requested at open time, then the
+.Fn *at
+functions use the current directory permissions for the directory referenced
+by the descriptor at the time of the call.
 .Pp
 .Dv O_PATH
 returns a file descriptor that can be used as a directory file descriptor for
@@ -661,6 +667,23 @@ when
 is set in flags and the final component of pathname is a symbolic link
 to distinguish it from the case of too many symbolic link traversals
 in one of its non-final components.
+.Pp
+The Open Group Extended API Set 2 specification, that introduced the
+.Fn *at
+API, required that the test for whether
+.Fa fd
+is searchable is based on whether
+.Fa fd
+is open for searching, not whether the underlying directory currently
+permits searches.
+The present implementation of the
+.Fa openat
+system call is believed to be compatible with
+.St -p1003.1-2017 ,
+which specifies that behavior for
+.Dv O_SEARCH ,
+in the absence of the flag the implementation checks the current
+permissions of a directory.
 .Sh HISTORY
 The
 .Fn open
@@ -673,17 +696,6 @@ function was introduced in
 .Dv O_DSYNC
 appeared in 13.0.
 .Sh BUGS
-The Open Group Extended API Set 2 specification requires that the test
-for whether
-.Fa fd
-is searchable is based on whether
-.Fa fd
-is open for searching, not whether the underlying directory currently
-permits searches.
-The present implementation of the
-.Fa openat
-checks the current permissions of directory instead.
-.Pp
 The
 .Fa mode
 argument is variadic and may result in different calling conventions