Re: git: b165e9e3ea4e - main - Add fchroot(2)
- In reply to: Konstantin Belousov : "Re: git: b165e9e3ea4e - main - Add fchroot(2)"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 29 Nov 2024 16:44:07 UTC
On 1129T1724, Konstantin Belousov wrote: > On Fri, Nov 29, 2024 at 12:22:16PM +0000, Edward Tomasz Napierala wrote: > > The branch main has been updated by trasz: > > > > URL: https://cgit.FreeBSD.org/src/commit/?id=b165e9e3ea4e327fc421d81c2a89242bd8720780 > > > > commit b165e9e3ea4e327fc421d81c2a89242bd8720780 > > Author: Edward Tomasz Napierala <trasz@FreeBSD.org> > > AuthorDate: 2024-11-29 07:46:07 +0000 > > Commit: Edward Tomasz Napierala <trasz@FreeBSD.org> > > CommitDate: 2024-11-29 12:10:02 +0000 > > > > Add fchroot(2) > > > > This is similar to chroot(2), but takes a file descriptor instead > > of path. Same syscall exists in NetBSD and Solaris. It is part of a larger > > patch to make absolute pathnames usable in Capsicum mode, but should > > be useful in other contexts too. > > I wonder if it should be fchrootat(fd, path, flags) with the support for > AT_EMPTY_PATH instead. Then fchroot() becomes the libc wrapper. > > I can see arguments both pro and contra. Main argument against is that > the immediate semantic is easily emulated by openat() + fchroot(). But > the freedom of adding the fchroot-specific flags might be worth considering. Yeah, I thought about that too. In the end I decided to go with the simpler API, because I like how it mirrors fchdir(2); both do something fundamentally very similar, they set the default starting points for path lookups. And we never had the need to add fchdirat(2).