[PATCH] libc++: Add option to disable access to the global filesystem namespace

Joerg Sonnenberger joerg at britannica.bec.de
Tue Mar 10 06:07:02 PDT 2015


On Tue, Mar 10, 2015 at 11:03:12AM +0000, Ed Schouten wrote:
> Systems like FreeBSD's Capsicum and Nuxi CloudABI apply the concept of
> capability-based security on the way processes can interact with the
> filesystem API. It is no longer to interact with the VFS through calls
> like open(), unlink(), rename(), etc. Instead, processes are only
> allowed to interact with files and directories to which they have been
> granted access. The *at() functions can be used for this purpose.

This doesn't make sense to me. All those functions can be used with both
absolute and relative path names. So why do you force use of *at(), when
arguments relative to CWD already fall into the restricted category?

Joerg
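As an added illustration of the model the two messages are discussing (this is example code written for this page, not anything from the patch or the libc++ project): a directory descriptor stands in for a granted capability, every name is resolved with openat() relative to that descriptor, and the process's CWD plays no part. The `open_beneath` helper and its string checks are a hypothetical, userspace stand-in for what Capsicum enforces in the kernel; they refuse absolute paths and `..` components so the call cannot name anything outside the granted directory, and O_NOFOLLOW only guards the final component, so a symlink in an intermediate directory is not covered here.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open `path` relative to the directory capability
 * `dirfd`, refusing the two spellings that would escape it (absolute paths
 * and ".." components).  This is an illustration of the *at() model, not
 * Capsicum's kernel-side enforcement. */
int open_beneath(int dirfd, const char *path, int flags, mode_t mode)
{
    if (path[0] == '/') { errno = EACCES; return -1; }       /* absolute: bypasses dirfd */
    for (const char *p = path; ; ) {
        const char *end = strchr(p, '/');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        if (len == 2 && p[0] == '.' && p[1] == '.') { errno = EACCES; return -1; }
        if (!end) break;
        p = end + 1;
    }
    /* O_NOFOLLOW covers only the last component; intermediate symlinks are not checked here. */
    return openat(dirfd, path, flags | O_NOFOLLOW, mode);
}

/* Constructed walk-through.  Returns 0 when every expectation holds,
 * otherwise the negative number of the step that failed. */
int demo(void)
{
    char tmpl[] = "/tmp/capdemoXXXXXX";          /* constructed scratch directory */
    char *dir = mkdtemp(tmpl);
    if (!dir) return -1;
    int dirfd = open(dir, O_RDONLY | O_DIRECTORY);  /* the "granted" directory */
    if (dirfd < 0) { rmdir(dir); return -2; }
    int rc = 0, fd;

    /* Create a file through the capability, never through CWD. */
    fd = openat(dirfd, "note.txt", O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) { rc = -3; goto out; }
    (void)write(fd, "hello\n", 6);
    close(fd);

    /* Move CWD elsewhere: a CWD-relative open() no longer finds the file ... */
    if (chdir("/") != 0) { rc = -4; goto out; }
    fd = open("note.txt", O_RDONLY);
    if (fd >= 0) { close(fd); rc = -5; goto out; }

    /* ... but the same relative name resolves through the directory descriptor. */
    fd = open_beneath(dirfd, "note.txt", O_RDONLY, 0);
    if (fd < 0) { rc = -6; goto out; }
    char buf[16];
    ssize_t n = read(fd, buf, sizeof buf);
    close(fd);
    if (n != 6 || memcmp(buf, "hello\n", 6) != 0) { rc = -7; goto out; }

    /* Names that would leave the granted directory are refused. */
    fd = open_beneath(dirfd, "/etc/passwd", O_RDONLY, 0);
    if (fd >= 0 || errno != EACCES) { if (fd >= 0) close(fd); rc = -8; goto out; }
    fd = open_beneath(dirfd, "../note.txt", O_RDONLY, 0);
    if (fd >= 0 || errno != EACCES) { if (fd >= 0) close(fd); rc = -9; goto out; }

out:
    unlinkat(dirfd, "note.txt", 0);
    close(dirfd);
    rmdir(dir);
    return rc;
}

int main(void)
{
    int rc = demo();
    printf("demo: %s (%d)\n", rc == 0 ? "all expectations held" : "failed at step", rc);
    return rc == 0 ? 0 : 1;
}
```

Step 5 is the point Joerg raises: once the CWD has been moved (or, under Capsicum, once the process has entered capability mode), a bare relative name passed to open() is no longer usable, while the *at() family keeps working because the directory descriptor, not the CWD, is the thing the name is resolved against.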
