From 31cf44efa6df72a524b40adefb80539f3a4e13ba Mon Sep 17 00:00:00 2001 From: Jori Koolstra Date: Fri, 24 Apr 2026 13:46:02 +0200 Subject: vfs: add O_EMPTYPATH to openat(2)/openat2(2) To get an operable version of an O_PATH file descriptor, it is possible to use openat(fd, ".", O_DIRECTORY) for directories, but other files currently require going through open("/proc//fd/"), which depends on a functioning procfs. This patch adds the O_EMPTYPATH flag to openat(2)/openat2(2). If passed, LOOKUP_EMPTY is set at path resolution time. Note: This implies that you cannot rely anymore on disabling procfs from being mounted (e.g. inside a container without procfs mounted and with CAP_SYS_ADMIN dropped) to prevent O_PATH fds from being re-opened read-write. Signed-off-by: Jori Koolstra Link: https://patch.msgid.link/20260424114611.1678641-2-jkoolstra@xs4all.nl Signed-off-by: Christian Brauner (Amutable) --- include/linux/fcntl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include/linux') diff --git a/include/linux/fcntl.h b/include/linux/fcntl.h index a332e79b3207..c65c5c73d362 100644 --- a/include/linux/fcntl.h +++ b/include/linux/fcntl.h @@ -10,7 +10,7 @@ (O_RDONLY | O_WRONLY | O_RDWR | O_CREAT | O_EXCL | O_NOCTTY | O_TRUNC | \ O_APPEND | O_NDELAY | O_NONBLOCK | __O_SYNC | O_DSYNC | \ FASYNC | O_DIRECT | O_LARGEFILE | O_DIRECTORY | O_NOFOLLOW | \ - O_NOATIME | O_CLOEXEC | O_PATH | __O_TMPFILE) + O_NOATIME | O_CLOEXEC | O_PATH | __O_TMPFILE | O_EMPTYPATH) /* List of all valid flags for the how->resolve argument: */ #define VALID_RESOLVE_FLAGS \ -- cgit v1.2.3