+ /* Concatenate the current working directory and pathname into an
+ * absolute path. We use realpath() ONLY on the cwd part, and not
+ * on the pathname part, because realpath() resolves symlinks. And
+ * the whole point of all this crap is to avoid following symlinks
+ * in the pathname.
+ *
+ * Using realpath() on the cwd lets us operate on relative paths
+ * while we're sitting in a directory that happens to have a
+ * symlink in it; for example: cd /var/run && apply-default-acl foo.
+ */
+ char* cwd = get_current_dir_name();
+ if (cwd == NULL) {
+ perror("safe_open (get_current_dir_name)");
+ return -1;
+ }
+
+ char abs_cwd[PATH_MAX];
+ if (realpath(cwd, abs_cwd) == NULL) {
+ perror("safe_open (realpath)");
+ free(cwd);
+ return -1;
+ }
+ snprintf_result = snprintf(abspath, PATH_MAX, "%s/%s", abs_cwd, pathname);
+ free(cwd);
+ }
+ if (snprintf_result == -1 || snprintf_result > PATH_MAX) {
+ perror("safe_open (snprintf)");
+ return -1;
+ }
+
+ int fd = open("/", flags);
+ if (strcmp(abspath, "/") == 0) {
+ return fd;
+ }
+
+ int result = safe_open_ex(fd, abspath+1, flags);
+ if (close(fd) == -1) {
+ perror("safe_open (close)");
+ return -1;