safe_open_ex: add a comment about why O_PATH doesn't work.

[apply-default-acl.git] / src / libadacl.c

diff --git a/src/libadacl.c b/src/libadacl.c
index 8e36230c0c09ace1eb85868ecdecc4155cd457ec..01cb4adaea9ebef67d9358b6ac1b5555dc452500 100644 (file)
--- a/src/libadacl.c
+++ b/src/libadacl.c
@@ -40,12 +40,18 @@
  *   open a file descriptor in a symlink-safe way when combined with
  *   the @c O_NOFOLLOW flag.
  *
+ * The @c O_PATH flag is not used because we want to fail upon
+ * encountering any symlinks.
+ *
  * @param at_fd
  *   A file descriptor relative to which @c pathname will be opened.
  *
  * @param pathname
  *   The path to the file/directory/whatever whose descriptor you want.
  *
+ * @param flags
+ *   File status flags to be passed to @c openat.
+ *
  * @return a file descriptor for @c pathname if everything goes well,
  *   and @c OPEN_ERROR if not.
  */
@@ -106,6 +112,9 @@ int safe_open_ex(int at_fd, char* pathname, int flags) {
  * @param pathname
  *   The path to the file/directory/whatever whose descriptor you want.
  *
+ * @param flags
+ *   File status flags to be passed to @c openat.
+ *
  * @return a file descriptor for @c pathname if everything goes well,
  *   and @c OPEN_ERROR if not.
  */
@@ -154,6 +163,11 @@ int safe_open(const char* pathname, int flags) {
   }
 
   int fd = open("/", flags);
+  if (fd == OPEN_ERROR) {
+    perror("safe_open (open)");
+    return OPEN_ERROR;
+  }
+
   if (strcmp(abspath, "/") == 0) {
     return fd;
   }