git.kaiwu.me - nginx.git/commit

author	Valentin Bartenev <vbart@nginx.com>
	Mon, 2 Sep 2013 04:07:59 +0000 (08:07 +0400)
committer	Valentin Bartenev <vbart@nginx.com>
	Mon, 2 Sep 2013 04:07:59 +0000 (08:07 +0400)
commit	7b373841407b198759276242ab2dc4e5f78adb21
tree	f35c77ca4f893ff99d67504e8eb5ae2421ef6b09	tree \| snapshot
parent	231ed198e11efc5bf39bf2d02ddb1756a8ee2eec	commit \| diff

Disable symlinks: use O_PATH to open path components.

It was introduced in Linux 2.6.39, glibc 2.14 and allows to obtain
file descriptors without actually opening files.  Thus made it possible
to traverse path with openat() syscalls without the need to have read
permissions for path components.  It is effectively emulates O_SEARCH
which is missing on Linux.

O_PATH is used in combination with O_RDONLY.  The last one is ignored
if O_PATH is used, but it allows nginx to not fail when it was built on
modern system (i.e. glibc 2.14+) and run with a kernel older than 2.6.39.
Then O_PATH is unknown to the kernel and ignored, while O_RDONLY is used.

Sadly, fstat() is not working with O_PATH descriptors till Linux 3.6.
As a workaround we fallback to fstatat() with the AT_EMPTY_PATH flag
that was introduced at the same time as O_PATH.

auto/os/linux		diff \| blob \| history
src/core/ngx_open_file_cache.c		diff \| blob \| history
src/os/unix/ngx_files.h		diff \| blob \| history