> Op 30-03-2026 14:12 CEST schreef Jeff Layton <[email protected]>: > > > On Thu, 2026-03-26 at 19:20 +0100, Jori Koolstra wrote: > > To get an operable version of an O_PATH file descriptor, it is possible > > to use openat(fd, ".", O_DIRECTORY) for directories, but other files > > currently require going through open("/proc/<pid>/fd/<nr>"), which > > depends on a functioning procfs. > > > > This patch adds the OPENAT2_EMPTY_PATH flag to openat2(2). If passed, > > LOOKUP_EMPTY is set at path resolve time. > > > > Note: This implies that you cannot rely anymore on disabling procfs from > > being mounted (e.g. inside a container without procfs mounted and with > > CAP_SYS_ADMIN dropped) to prevent O_PATH fds from being re-opened > > read-write. > > > > Signed-off-by: Jori Koolstra <[email protected]> > > Looks sane to me. Can this be merged apart from the rest of the series? > It doesn't seem like the transitive stuff is dependent on this. > > Reviewed-by: Jeff Layton <[email protected]>
Yes, there is no dependence. However, Aleksa suggested that we DO add it to openat() as well because then systemd folks can use it too. I don't if there are any objections to that right now. Thanks, Jori.
