]>
Commit | Line | Data |
---|---|---|
89de5055 AS |
1 | .\" Copyright (C) 2019 Aleksa Sarai <cyphar@cyphar.com> |
2 | .\" | |
3 | .\" %%%LICENSE_START(VERBATIM) | |
4 | .\" Permission is granted to make and distribute verbatim copies of this | |
5 | .\" manual provided the copyright notice and this permission notice are | |
6 | .\" preserved on all copies. | |
7 | .\" | |
8 | .\" Permission is granted to copy and distribute modified versions of this | |
9 | .\" manual under the conditions for verbatim copying, provided that the | |
10 | .\" entire resulting derived work is distributed under the terms of a | |
11 | .\" permission notice identical to this one. | |
12 | .\" | |
13 | .\" Since the Linux kernel and libraries are constantly changing, this | |
14 | .\" manual page may be incorrect or out-of-date. The author(s) assume no | |
15 | .\" responsibility for errors or omissions, or for damages resulting from | |
16 | .\" the use of the information contained herein. The author(s) may not | |
17 | .\" have taken the same level of care in the production of this manual, | |
18 | .\" which is licensed free of charge, as they might when working | |
19 | .\" professionally. | |
20 | .\" | |
21 | .\" Formatted or processed versions of this manual, if unaccompanied by | |
22 | .\" the source, must acknowledge the copyright and authors of this work. | |
23 | .\" %%%LICENSE_END | |
e8426ca2 | 24 | .TH OPENAT2 2 2020-04-11 "Linux" "Linux Programmer's Manual" |
89de5055 AS |
25 | .SH NAME |
26 | openat2 \- open and possibly create a file (extended) | |
27 | .SH SYNOPSIS | |
28 | .nf | |
29 | .B #include <sys/types.h> | |
30 | .B #include <sys/stat.h> | |
31 | .B #include <fcntl.h> | |
32 | .B #include <openat2.h> | |
33 | .PP | |
3fcaeb80 MK |
34 | .BI "int openat2(int " dirfd ", const char *" pathname , |
35 | .BI " struct open_how *" how ", size_t " size "); | |
89de5055 AS |
36 | .fi |
37 | .PP | |
38 | .IR Note : | |
39 | There is no glibc wrapper for this system call; see NOTES. | |
40 | .SH DESCRIPTION | |
41 | The | |
42 | .BR openat2 () | |
36c9d56d MK |
43 | system call is an extension of |
44 | .BR openat (2) | |
45 | and provides a superset of its functionality. | |
46 | .PP | |
47 | The | |
48 | .BR openat2 () | |
89de5055 AS |
49 | system call opens the file specified by |
50 | .IR pathname . | |
51 | If the specified file does not exist, it may optionally (if | |
52 | .B O_CREAT | |
53 | is specified in | |
54 | .IR how.flags ) | |
4ec6d407 | 55 | be created. |
89de5055 AS |
56 | .PP |
57 | As with | |
58 | .BR openat (2), | |
59 | if | |
60 | .I pathname | |
4ec6d407 | 61 | is a relative pathname, then it is interpreted relative to the |
89de5055 AS |
62 | directory referred to by the file descriptor |
63 | .I dirfd | |
64 | (or the current working directory of the calling process, if | |
65 | .I dirfd | |
66 | is the special value | |
4ec6d407 | 67 | .BR AT_FDCWD ). |
89de5055 AS |
68 | If |
69 | .I pathname | |
4ec6d407 | 70 | is an absolute pathname, then |
89de5055 AS |
71 | .I dirfd |
72 | is ignored (unless | |
73 | .I how.resolve | |
74 | contains | |
75 | .BR RESOLVE_IN_ROOT, | |
76 | in which case | |
77 | .I pathname | |
78 | is resolved relative to | |
4ec6d407 | 79 | .IR dirfd ). |
89de5055 | 80 | .PP |
89de5055 | 81 | Rather than taking a single |
669403e9 | 82 | .I flags |
4ec6d407 | 83 | argument, an extensible structure (\fIhow\fP) is passed to allow for |
89de5055 | 84 | future extensions. |
4ec6d407 | 85 | The |
89de5055 | 86 | .I size |
4ec6d407 MK |
87 | argument must be specified as |
88 | .IR "sizeof(struct open_how)" . | |
2d82152f | 89 | .\" |
89de5055 | 90 | .SS The open_how structure |
36c9d56d MK |
91 | The |
92 | .I how | |
93 | argument specifies how | |
89de5055 AS |
94 | .I pathname |
95 | should be opened, and acts as a superset of the | |
a424f7c0 MK |
96 | .IR flags |
97 | and | |
98 | .IR mode | |
89de5055 AS |
99 | arguments to |
100 | .BR openat (2). | |
36c9d56d | 101 | This argument is a pointer to a structure of the following form: |
89de5055 AS |
102 | .PP |
103 | .in +4n | |
104 | .EX | |
105 | struct open_how { | |
0105739e MK |
106 | u64 flags; /* O_* flags */ |
107 | u64 mode; /* Mode for O_{CREAT,TMPFILE} */ | |
108 | u64 resolve; /* RESOLVE_* flags */ | |
89de5055 AS |
109 | /* ... */ |
110 | }; | |
111 | .EE | |
112 | .in | |
113 | .PP | |
114 | Any future extensions to | |
115 | .BR openat2 () | |
4ec6d407 MK |
116 | will be implemented as new fields appended to the above structure, |
117 | with a zero value in a new field resulting in the kernel behaving | |
118 | as though that extension field was not present. | |
7a18f60e MK |
119 | Therefore, the caller |
120 | .I must | |
121 | zero-fill this structure on | |
4ec6d407 MK |
122 | initialization. |
123 | (See the "Extensibility" section of the | |
89de5055 AS |
124 | .B NOTES |
125 | for more detail on why this is necessary.) | |
126 | .PP | |
4ec6d407 MK |
127 | The fields of the |
128 | .I open_how | |
129 | structure are as follows: | |
0389373e | 130 | .TP |
89de5055 | 131 | .I flags |
4ec6d407 MK |
132 | This field specifies |
133 | the file creation and file status flags to use when opening the file. | |
89de5055 AS |
134 | All of the |
135 | .B O_* | |
136 | flags defined for | |
137 | .BR openat (2) | |
138 | are valid | |
139 | .BR openat2 () | |
140 | flag values. | |
0389373e | 141 | .IP |
4ec6d407 MK |
142 | Whereas |
143 | .BR openat (2) | |
144 | ignores unknown bits in its | |
145 | .I flags | |
146 | argument, | |
89de5055 | 147 | .BR openat2 () |
4ec6d407 | 148 | returns an error if unknown or conflicting flags are specified in |
7b7aad69 | 149 | .IR how.flags . |
0389373e MK |
150 | .TP |
151 | .I mode | |
4ec6d407 MK |
152 | This field specifies the |
153 | mode for the new file, with identical semantics to the | |
89de5055 | 154 | .I mode |
4ec6d407 | 155 | argument of |
89de5055 | 156 | .BR openat (2). |
0389373e | 157 | .IP |
4ec6d407 MK |
158 | Whereas |
159 | .BR openat (2) | |
160 | ignores bits other than those in the range | |
161 | .I 07777 | |
162 | in its | |
163 | .I mode | |
164 | argument, | |
89de5055 | 165 | .BR openat2 () |
4ec6d407 | 166 | returns an error if |
7b7aad69 | 167 | .I how.mode |
4ec6d407 MK |
168 | contains bits other than |
169 | .IR 07777 . | |
170 | Similarly, an error is returned if | |
89de5055 | 171 | .BR openat2 () |
4ec6d407 | 172 | is called with a non-zero |
a424f7c0 MK |
173 | .IR how.mode |
174 | and | |
175 | .IR how.flags | |
89de5055 | 176 | does not contain |
a424f7c0 MK |
177 | .BR O_CREAT |
178 | or | |
179 | .BR O_TMPFILE . | |
0389373e | 180 | .TP |
89de5055 | 181 | .I resolve |
4ec6d407 | 182 | This is a bit-mask of flags that modify the way in which |
89de5055 AS |
183 | .B all |
184 | components of | |
185 | .I pathname | |
4ec6d407 MK |
186 | will be resolved. |
187 | (See | |
89de5055 AS |
188 | .BR path_resolution (7) |
189 | for background information.) | |
4ec6d407 | 190 | .IP |
89de5055 AS |
191 | The primary use case for these flags is to allow trusted programs to restrict |
192 | how untrusted paths (or paths inside untrusted directories) are resolved. | |
193 | The full list of | |
194 | .I resolve | |
4ec6d407 | 195 | flags is as follows: |
0389373e | 196 | .RS |
89de5055 | 197 | .TP |
89de5055 | 198 | .B RESOLVE_BENEATH |
c85ebb3c | 199 | .\" commit adb21d2b526f7f196b2f3fdca97d80ba05dd14a0 |
89de5055 AS |
200 | Do not permit the path resolution to succeed if any component of the resolution |
201 | is not a descendant of the directory indicated by | |
202 | .IR dirfd . | |
4ec6d407 | 203 | This causes absolute symbolic links (and absolute values of |
89de5055 AS |
204 | .IR pathname ) |
205 | to be rejected. | |
0389373e | 206 | .IP |
e31d5bfd | 207 | Currently, this flag also disables magic-link resolution (see below). |
89de5055 | 208 | However, this may change in the future. |
4ec6d407 MK |
209 | Therefore, to ensure that magic links are not resolved, |
210 | the caller should explicitly specify | |
211 | .BR RESOLVE_NO_MAGICLINKS . | |
89de5055 AS |
212 | .TP |
213 | .B RESOLVE_IN_ROOT | |
c85ebb3c | 214 | .\" commit 8db52c7e7ee1bd861b6096fcafc0fe7d0f24a994 |
9e0168b0 | 215 | Treat the directory referred to by |
89de5055 AS |
216 | .I dirfd |
217 | as the root directory while resolving | |
d144dc36 | 218 | .IR pathname . |
552f3799 | 219 | Absolute symbolic links are interpreted relative to |
89de5055 | 220 | .IR dirfd . |
552f3799 MK |
221 | If a prefix component of |
222 | .I pathname | |
223 | equates to | |
224 | .IR dirfd , | |
225 | then an immediately following | |
226 | .IR .. | |
227 | component likewise equates to | |
228 | .IR dirfd | |
229 | (just as | |
230 | .I /.. | |
231 | is traditionally equivalent to | |
232 | .IR / ). | |
89de5055 AS |
233 | If |
234 | .I pathname | |
552f3799 | 235 | is an absolute path, it is also interpreted relative to |
89de5055 | 236 | .IR dirfd . |
0389373e | 237 | .IP |
d144dc36 MK |
238 | The effect of this flag is as though the calling process had used |
239 | .BR chroot (2) | |
240 | to (temporarily) modify its root directory (to the directory | |
241 | referred to by | |
242 | .IR dirfd ). | |
89de5055 AS |
243 | However, unlike |
244 | .BR chroot (2) | |
245 | (which changes the filesystem root permanently for a process), | |
246 | .B RESOLVE_IN_ROOT | |
9e0168b0 | 247 | allows a program to efficiently restrict path resolution on a per-open basis. |
0389373e | 248 | .IP |
39bfd046 | 249 | Currently, this flag also disables magic-link resolution. |
89de5055 | 250 | However, this may change in the future. |
4ec6d407 MK |
251 | Therefore, to ensure that magic links are not resolved, |
252 | the caller should explicitly specify | |
253 | .BR RESOLVE_NO_MAGICLINKS . | |
193f7fb2 MK |
254 | .TP |
255 | .B RESOLVE_NO_MAGICLINKS | |
c85ebb3c | 256 | .\" commit 278121417a72d87fb29dd8c48801f80821e8f75a |
193f7fb2 MK |
257 | Disallow all magic-link resolution during path resolution. |
258 | .IP | |
d31cdf43 MK |
259 | Magic links are symbolic link-like objects that are most notably found in |
260 | .BR proc (5); | |
261 | examples include | |
262 | .IR /proc/[pid]/exe | |
263 | and | |
264 | .IR /proc/[pid]/fd/* . | |
265 | (See | |
266 | .BR symlink (7) | |
267 | for more details.) | |
268 | .IP | |
269 | Unknowingly opening magic links can be risky for some applications. | |
270 | Examples of such risks include the following: | |
271 | .RS | |
272 | .IP \(bu 2 | |
273 | If the process opening a pathname is a controlling process that | |
274 | currently has no controlling terminal (see | |
275 | .BR credentials (7)), | |
276 | then opening a magic link inside | |
277 | .IR /proc/[pid]/fd | |
278 | that happens to refer to a terminal | |
279 | would cause the process to acquire a controlling terminal. | |
280 | .IP \(bu | |
281 | .\" From https://lwn.net/Articles/796868/: | |
282 | .\" The presence of this flag will prevent a path lookup operation | |
283 | .\" from traversing through one of these magic links, thus blocking | |
284 | .\" (for example) attempts to escape from a container via a /proc | |
285 | .\" entry for an open file descriptor. | |
286 | In a containerized environment, | |
287 | a magic link inside | |
288 | .I /proc | |
289 | may refer to an object outside the container, | |
290 | and thus may provide a means to escape from the container. | |
291 | .RE | |
292 | .IP | |
293 | Because of such risks, | |
294 | an application may prefer to disable magic link resolution using the | |
295 | .BR RESOLVE_NO_MAGICLINKS | |
296 | flag. | |
297 | .IP | |
193f7fb2 MK |
298 | If the trailing component (i.e., basename) of |
299 | .I pathname | |
300 | is a magic link, and | |
301 | .I how.flags | |
302 | contains both | |
303 | .BR O_PATH | |
304 | and | |
305 | .BR O_NOFOLLOW , | |
306 | then an | |
307 | .B O_PATH | |
308 | file descriptor referencing the magic link will be returned. | |
193f7fb2 MK |
309 | .TP |
310 | .B RESOLVE_NO_SYMLINKS | |
c85ebb3c | 311 | .\" commit 278121417a72d87fb29dd8c48801f80821e8f75a |
193f7fb2 MK |
312 | Disallow resolution of symbolic links during path resolution. |
313 | This option implies | |
314 | .BR RESOLVE_NO_MAGICLINKS . | |
315 | .IP | |
316 | If the trailing component (i.e., basename) of | |
317 | .I pathname | |
318 | is a symbolic link, and | |
319 | .I how.flags | |
320 | contains both | |
321 | .BR O_PATH | |
322 | and | |
323 | .BR O_NOFOLLOW , | |
324 | then an | |
325 | .B O_PATH | |
326 | file descriptor referencing the symbolic link will be returned. | |
327 | .IP | |
c85ebb3c MK |
328 | Note that the effect of the |
329 | .BR RESOLVE_NO_SYMLINKS | |
330 | flag, | |
331 | which affects the treatment of symbolic links in all of the components of | |
332 | .IR pathname , | |
333 | differs from the effect of the | |
334 | .BR O_NOFOLLOW | |
335 | file creation flag (in | |
336 | .IR how.flags ), | |
337 | which affects the handling of symbolic links only in the final component of | |
338 | .IR pathname . | |
339 | .IP | |
d31cdf43 MK |
340 | Applications that employ the |
341 | .BR RESOLVE_NO_SYMLINKS | |
342 | flag are encouraged to make its use configurable | |
343 | (unless it is used for a specific security purpose), | |
344 | as symbolic links are very widely used by end-users. | |
345 | Setting this flag indiscriminately\(emi.e., | |
346 | for purposes not specifically related to security\(emfor all uses of | |
193f7fb2 MK |
347 | .BR openat2 () |
348 | may result in spurious errors on previously-functional systems. | |
d31cdf43 MK |
349 | This may occur if, for example, |
350 | a system pathname that is used by an application is modified | |
351 | (e.g., in a new distribution release) | |
352 | so that a pathname component (now) contains a symbolic link. | |
193f7fb2 MK |
353 | .TP |
354 | .B RESOLVE_NO_XDEV | |
c85ebb3c | 355 | .\" commit 72ba29297e1439efaa54d9125b866ae9d15df339 |
193f7fb2 MK |
356 | Disallow traversal of mount points during path resolution (including all bind |
357 | mounts). | |
c85ebb3c MK |
358 | Consequently, |
359 | .I pathname | |
360 | must either be on the same mount as the directory referred to by | |
361 | .IR dirfd , | |
362 | or on the same mount as the current working directory if | |
363 | .I dirfd | |
364 | is specified as | |
365 | .BR AT_FDCWD . | |
193f7fb2 | 366 | .IP |
08ba10a6 MK |
367 | Applications that employ the |
368 | .B RESOLVE_NO_XDEV | |
369 | flag are encouraged to make its use configurable (unless it is | |
370 | used for a specific security purpose), | |
371 | as bind mounts are widely used by end-users. | |
b4e15682 MK |
372 | Setting this flag indiscriminately\(emi.e., |
373 | for purposes not specifically related to security\(emfor all uses of | |
193f7fb2 MK |
374 | .BR openat2 () |
375 | may result in spurious errors on previously-functional systems. | |
b4e15682 MK |
376 | This may occur if, for example, |
377 | a system pathname that is used by an application is modified | |
378 | (e.g., in a new distribution release) | |
379 | so that a pathname component (now) contains a bind mount. | |
0389373e | 380 | .RE |
4ec6d407 | 381 | .IP |
75cd77e3 MK |
382 | If any bits other than those listed above are set in |
383 | .IR how.resolve , | |
384 | an error is returned. | |
89de5055 AS |
385 | .SH RETURN VALUE |
386 | On success, a new file descriptor is returned. | |
0105739e | 387 | On error, \-1 is returned, and |
89de5055 AS |
388 | .I errno |
389 | is set appropriately. | |
89de5055 AS |
390 | .SH ERRORS |
391 | The set of errors returned by | |
392 | .BR openat2 () | |
393 | includes all of the errors returned by | |
394 | .BR openat (2), | |
395 | as well as the following additional errors: | |
396 | .TP | |
89de5055 | 397 | .B E2BIG |
4ec6d407 MK |
398 | An extension that this kernel does not support was specified in |
399 | .IR how . | |
400 | (See the "Extensibility" section of | |
89de5055 AS |
401 | .B NOTES |
402 | for more detail on how extensions are handled.) | |
403 | .TP | |
404 | .B EAGAIN | |
7b7aad69 | 405 | .I how.resolve |
89de5055 | 406 | contains either |
a424f7c0 MK |
407 | .BR RESOLVE_IN_ROOT |
408 | or | |
409 | .BR RESOLVE_BENEATH , | |
89de5055 | 410 | and the kernel could not ensure that a ".." component didn't escape (due to a |
4ec6d407 MK |
411 | race condition or potential attack). |
412 | The caller may choose to retry the | |
89de5055 AS |
413 | .BR openat2 () |
414 | call. | |
415 | .TP | |
03625dc1 MK |
416 | .B EINVAL |
417 | An unknown flag or invalid value was specified in | |
418 | .IR how . | |
89de5055 | 419 | .TP |
03625dc1 MK |
420 | .B EINVAL |
421 | .I mode | |
422 | is non-zero, but | |
7b7aad69 | 423 | .I how.flags |
03625dc1 | 424 | does not contain |
a424f7c0 MK |
425 | .BR O_CREAT |
426 | or | |
427 | .BR O_TMPFILE . | |
03625dc1 MK |
428 | .TP |
429 | .B EINVAL | |
430 | .I size | |
431 | was smaller than any known version of | |
432 | .IR "struct open_how" . | |
89de5055 AS |
433 | .TP |
434 | .B ELOOP | |
7b7aad69 | 435 | .I how.resolve |
89de5055 AS |
436 | contains |
437 | .BR RESOLVE_NO_SYMLINKS , | |
438 | and one of the path components was a symbolic link (or magic link). | |
439 | .TP | |
440 | .B ELOOP | |
7b7aad69 | 441 | .I how.resolve |
89de5055 AS |
442 | contains |
443 | .BR RESOLVE_NO_MAGICLINKS , | |
444 | and one of the path components was a magic link. | |
03625dc1 MK |
445 | .TP |
446 | .B EXDEV | |
7b7aad69 | 447 | .I how.resolve |
03625dc1 | 448 | contains either |
a424f7c0 MK |
449 | .BR RESOLVE_IN_ROOT |
450 | or | |
451 | .BR RESOLVE_BENEATH , | |
03625dc1 MK |
452 | and an escape from the root during path resolution was detected. |
453 | .TP | |
454 | .B EXDEV | |
7b7aad69 | 455 | .I how.resolve |
03625dc1 MK |
456 | contains |
457 | .BR RESOLVE_NO_XDEV , | |
4ec6d407 | 458 | and a path component crosses a mount point. |
89de5055 AS |
459 | .SH VERSIONS |
460 | .BR openat2 () | |
461 | first appeared in Linux 5.6. | |
c85ebb3c | 462 | .\" commit fddb5d430ad9fa91b49b1d34d0202ffe2fa0e179 |
89de5055 AS |
463 | .SH CONFORMING TO |
464 | This system call is Linux-specific. | |
0389373e | 465 | .PP |
89de5055 AS |
466 | The semantics of |
467 | .B RESOLVE_BENEATH | |
669403e9 | 468 | were modeled after FreeBSD's |
89de5055 | 469 | .BR O_BENEATH . |
89de5055 AS |
470 | .SH NOTES |
471 | Glibc does not provide a wrapper for this system call; call it using | |
472 | .BR syscall (2). | |
2d82152f | 473 | .\" |
89de5055 | 474 | .SS Extensibility |
4ec6d407 | 475 | In order to allow for future extensibility, |
89de5055 | 476 | .BR openat2 () |
4ec6d407 MK |
477 | requires the user-space application to specify the size of the |
478 | .I open_how | |
479 | structure that it is passing. | |
89de5055 AS |
480 | By providing this information, it is possible for |
481 | .BR openat2 () | |
4ec6d407 | 482 | to provide both forwards- and backwards-compatibility, with |
89de5055 | 483 | .I size |
4ec6d407 MK |
484 | acting as an implicit version number. |
485 | (Because new extension fields will always | |
486 | be appended, the structure size will always increase.) | |
89de5055 | 487 | This extensibility design is very similar to other system calls such as |
a424f7c0 MK |
488 | .BR perf_setattr (2), |
489 | .BR perf_event_open (2), | |
490 | and | |
491 | .BR clone3 (2). | |
0389373e | 492 | .PP |
89de5055 AS |
493 | If we let |
494 | .I usize | |
4ec6d407 | 495 | be the size of the structure as specified by the user-space application, and |
89de5055 | 496 | .I ksize |
4ec6d407 | 497 | be the size of the structure which the kernel supports, then there are |
89de5055 | 498 | three cases to consider: |
3fcaeb80 | 499 | .IP \(bu 2 |
89de5055 | 500 | If |
a424f7c0 MK |
501 | .IR ksize |
502 | equals | |
503 | .IR usize , | |
89de5055 AS |
504 | then there is no version mismatch and |
505 | .I how | |
506 | can be used verbatim. | |
3fcaeb80 | 507 | .IP \(bu |
89de5055 | 508 | If |
a424f7c0 MK |
509 | .IR ksize |
510 | is larger than | |
511 | .IR usize , | |
4ec6d407 MK |
512 | then there are some extension fields that the kernel supports |
513 | which the user-space application | |
89de5055 | 514 | is unaware of. |
4ec6d407 MK |
515 | Because a zero value in any added extension field signifies a no-op, |
516 | the kernel | |
517 | treats all of the extension fields not provided by the user-space application | |
518 | as having zero values. | |
89de5055 | 519 | This provides backwards-compatibility. |
3fcaeb80 | 520 | .IP \(bu |
89de5055 | 521 | If |
a424f7c0 MK |
522 | .IR ksize |
523 | is smaller than | |
524 | .IR usize , | |
4ec6d407 MK |
525 | then there are some extension fields which the user-space application |
526 | is aware of but which the kernel does not support. | |
527 | Because any extension field must have its zero values signify a no-op, | |
528 | the kernel can | |
89de5055 | 529 | safely ignore the unsupported extension fields if they are all-zero. |
0105739e | 530 | If any unsupported extension fields are non-zero, then \-1 is returned and |
89de5055 AS |
531 | .I errno |
532 | is set to | |
533 | .BR E2BIG . | |
534 | This provides forwards-compatibility. | |
89de5055 | 535 | .PP |
4ec6d407 | 536 | Because the definition of |
89de5055 AS |
537 | .I struct open_how |
538 | may change in the future (with new fields being added when system headers are | |
4ec6d407 | 539 | updated), user-space applications should zero-fill |
89de5055 | 540 | .I struct open_how |
4ec6d407 | 541 | to ensure that recompiling the program with new headers will not result in |
2359744f MK |
542 | spurious errors at runtime. |
543 | The simplest way is to use a designated | |
669403e9 | 544 | initializer: |
89de5055 AS |
545 | .PP |
546 | .in +4n | |
547 | .EX | |
3fcaeb80 MK |
548 | struct open_how how = { .flags = O_RDWR, |
549 | .resolve = RESOLVE_IN_ROOT }; | |
89de5055 AS |
550 | .EE |
551 | .in | |
552 | .PP | |
4ec6d407 MK |
553 | or explicitly using |
554 | .BR memset (3) | |
555 | or similar: | |
89de5055 AS |
556 | .PP |
557 | .in +4n | |
558 | .EX | |
559 | struct open_how how; | |
560 | memset(&how, 0, sizeof(how)); | |
561 | how.flags = O_RDWR; | |
562 | how.resolve = RESOLVE_IN_ROOT; | |
563 | .EE | |
564 | .in | |
565 | .PP | |
4ec6d407 MK |
566 | A user-space application that wishes to determine which extensions |
567 | the running kernel supports can do so by conducting a binary search on | |
89de5055 | 568 | .IR size |
4ec6d407 | 569 | with a structure which has every byte nonzero (to find the largest value |
2359744f | 570 | which doesn't produce an error of |
4ec6d407 | 571 | .BR E2BIG ). |
89de5055 AS |
572 | .SH SEE ALSO |
573 | .BR openat (2), | |
574 | .BR path_resolution (7), | |
575 | .BR symlink (7) |