On Sat, Sep 29, 2018 at 09:34:24AM -0700, Andy Lutomirski wrote:
Also, as a perhaps-silly suggestion: if you end up adding a new syscall, I can see a use for a mode that does the path walk but, rather than failing on a disallowed link, stops early and indicates where it stopped. Then web servers, samba, etc can more efficiently implement custom behavior when links are encountered. And it may also be useful to have a variant of AT_THIS_ROOT where trying to escape is an error instead of having it just get stuck at the root.
AT_USER_LINKS indicating that userspace wants to resolve symlinks themselves?