From: Steffen Nurpmeso Subject: Re: openat(2) is mostly useless, sadly To: "H. Hartzer" Cc: "Theo de Raadt" , Date: Fri, 30 May 2025 22:21:13 +0200 H. Hartzer wrote in : |Theo de Raadt wrote: |> instead of requiring a programmer to put a flag on every system call \ |> acting |> upon the object. Two operational flags are added, O_BELOW and F_BELOW. ... |I wanted to point out that the language can be confusing of "above", |"below", etc. Now it may be that this is named as appropriately as it |can be, but while I was reading my instinct was that "below" meant a |child directory, rather than a parent. I think there may be some |confusion over the semantics. | |O_BELOW also sounds somewhat like it allows below, but not only below. |Maybe O_ONLYBELOW? Another possibility might be something like O_CHROOT, |which is a familiar and similar term, though might add other confusion. | |I think that ascend/descend might be somewhat more intuitive terms. |Perhaps O_DESCEND, or O_ONLYDESCEND. How about "beneath" as Linux landlock uses? |I'm looking forward to giving this a try. Maybe one of those things where in the end noone understand why it has not been done like that from the beginning. |-Henrich --End of --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt)