https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248335
--- Comment #3 from Konstantin Belousov <[email protected]> --- But user could only guess-check only his own username, no ? O_BENEATH usage was designed to confine existing non-capsicumized apps, which only need access to the known subset of the whole filesystem namespace. Typical example is compiler which only needs to access source file, hierarchies of headers, and write output file. There, we can pre-allocate dirfds for /usr/include and /usr/local/include. On the other hand, build systems often use relative paths with dotdots to express target directory as relative to source, so dotdot support was needed for intended application of our O_BENEATH. Anyway, if you can provide somewhat more precise explanation of the desired behavior, and perhaps give the name for the new O_ flag, I will implement it as well. -- You are receiving this mail because: You are the assignee for the bug. _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-bugs To unsubscribe, send any mail to "[email protected]"
