mirror of https://github.com/mkerrisk/man-pages
path_resolution.7: Update to mention openat2(2) features
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com> Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
parent
7a18f60e4d
commit
61d24bff30
|
@ -29,30 +29,38 @@ path_resolution \- how a pathname is resolved to a file
|
||||||
Some UNIX/Linux system calls have as parameter one or more filenames.
|
Some UNIX/Linux system calls have as parameter one or more filenames.
|
||||||
A filename (or pathname) is resolved as follows.
|
A filename (or pathname) is resolved as follows.
|
||||||
.SS Step 1: start of the resolution process
|
.SS Step 1: start of the resolution process
|
||||||
If the pathname starts with the \(aq/\(aq character,
|
If the pathname starts with the \(aq/\(aq character, the starting lookup
|
||||||
the starting lookup directory
|
directory is the root directory of the calling process.
|
||||||
is the root directory of the calling process.
|
A process inherits its root directory from its parent.
|
||||||
(A process inherits its
|
Usually this will be the root directory of the file hierarchy.
|
||||||
root directory from its parent.
|
A process may get a different root directory by use of the
|
||||||
Usually this will be the root directory
|
|
||||||
of the file hierarchy.
|
|
||||||
A process may get a different root directory
|
|
||||||
by use of the
|
|
||||||
.BR chroot (2)
|
.BR chroot (2)
|
||||||
system call.
|
system call, or may temporarily use a different root directory by using
|
||||||
|
.BR openat2 (2)
|
||||||
|
with the
|
||||||
|
.B RESOLVE_IN_ROOT
|
||||||
|
flag set.
|
||||||
|
.PP
|
||||||
A process may get an entirely private mount namespace in case
|
A process may get an entirely private mount namespace in case
|
||||||
it\(emor one of its ancestors\(emwas started by an invocation of the
|
it\(emor one of its ancestors\(emwas started by an invocation of the
|
||||||
.BR clone (2)
|
.BR clone (2)
|
||||||
system call that had the
|
system call that had the
|
||||||
.B CLONE_NEWNS
|
.B CLONE_NEWNS
|
||||||
flag set.)
|
flag set.
|
||||||
This handles the \(aq/\(aq part of the pathname.
|
This handles the \(aq/\(aq part of the pathname.
|
||||||
.PP
|
.PP
|
||||||
If the pathname does not start with the \(aq/\(aq character, the
|
If the pathname does not start with the \(aq/\(aq character, the starting
|
||||||
starting lookup directory of the resolution process is the current working
|
lookup directory of the resolution process is the current working directory of
|
||||||
directory of the process.
|
the process \(em or in the case of
|
||||||
(This is also inherited from the parent.
|
.BR openat (2)-style
|
||||||
It can be changed by use of the
|
system calls, the
|
||||||
|
.I dfd
|
||||||
|
argument (or the current working directory if
|
||||||
|
.B AT_FDCWD
|
||||||
|
is passed as the
|
||||||
|
.I dfd
|
||||||
|
argument). The current working directory is inherited from the parent, and can
|
||||||
|
be changed by use of the
|
||||||
.BR chdir (2)
|
.BR chdir (2)
|
||||||
system call.)
|
system call.)
|
||||||
.PP
|
.PP
|
||||||
|
@ -91,7 +99,7 @@ Upon error, that error is returned.
|
||||||
If the result is not a directory, an
|
If the result is not a directory, an
|
||||||
.B ENOTDIR
|
.B ENOTDIR
|
||||||
error is returned.
|
error is returned.
|
||||||
If the resolution of the symlink is successful and returns a directory,
|
If the resolution of the symbolic link is successful and returns a directory,
|
||||||
we set the current lookup directory to that directory, and go to
|
we set the current lookup directory to that directory, and go to
|
||||||
the next component.
|
the next component.
|
||||||
Note that the resolution process here can involve recursion if the
|
Note that the resolution process here can involve recursion if the
|
||||||
|
@ -124,6 +132,12 @@ the kernel's pathname-resolution code
|
||||||
was reworked to eliminate the use of recursion,
|
was reworked to eliminate the use of recursion,
|
||||||
so that the only limit that remains is the maximum of 40
|
so that the only limit that remains is the maximum of 40
|
||||||
resolutions for the entire pathname.
|
resolutions for the entire pathname.
|
||||||
|
.PP
|
||||||
|
The resolution of symbolic links during this stage can be blocked by using
|
||||||
|
.BR openat2 (2),
|
||||||
|
with the
|
||||||
|
.B RESOLVE_NO_SYMLINKS
|
||||||
|
flag set.
|
||||||
.SS Step 3: find the final entry
|
.SS Step 3: find the final entry
|
||||||
The lookup of the final component of the pathname goes just like
|
The lookup of the final component of the pathname goes just like
|
||||||
that of all other components, as described in the previous step,
|
that of all other components, as described in the previous step,
|
||||||
|
@ -145,7 +159,7 @@ The path resolution process will assume that these entries have
|
||||||
their conventional meanings, regardless of whether they are
|
their conventional meanings, regardless of whether they are
|
||||||
actually present in the physical filesystem.
|
actually present in the physical filesystem.
|
||||||
.PP
|
.PP
|
||||||
One cannot walk down past the root: "/.." is the same as "/".
|
One cannot walk up past the root: "/.." is the same as "/".
|
||||||
.SS Mount points
|
.SS Mount points
|
||||||
After a "mount dev path" command, the pathname "path" refers to
|
After a "mount dev path" command, the pathname "path" refers to
|
||||||
the root of the filesystem hierarchy on the device "dev", and no
|
the root of the filesystem hierarchy on the device "dev", and no
|
||||||
|
@ -154,6 +168,12 @@ longer to whatever it referred to earlier.
|
||||||
One can walk out of a mounted filesystem: "path/.." refers to
|
One can walk out of a mounted filesystem: "path/.." refers to
|
||||||
the parent directory of "path",
|
the parent directory of "path",
|
||||||
outside of the filesystem hierarchy on "dev".
|
outside of the filesystem hierarchy on "dev".
|
||||||
|
.PP
|
||||||
|
Traversal of mount points can be blocked by using
|
||||||
|
.BR openat2 (2),
|
||||||
|
with the
|
||||||
|
.B RESOLVE_NO_XDEV
|
||||||
|
flag set (though note that this also restricts bind mount traversal).
|
||||||
.SS Trailing slashes
|
.SS Trailing slashes
|
||||||
If a pathname ends in a \(aq/\(aq, that forces resolution of the preceding
|
If a pathname ends in a \(aq/\(aq, that forces resolution of the preceding
|
||||||
component as in Step 2: it has to exist and resolve to a directory.
|
component as in Step 2: it has to exist and resolve to a directory.
|
||||||
|
|
Loading…
Reference in New Issue