Linux 5.6 Kernel Adds New System Call For "openat2" - More Extensible openat()
A new system call added to the very feature-rich Linux 5.6 kernel is openat2(), which offers more extensible behavior than the existing openat() functionality.
The openat() system call has long existed as a variant of open() that allows paths relative to the directory referred to by the passed file descriptor. Over time, trying to extend openat() has led to headaches for developers, which openat2() now addresses by being more extensible.
The openat2() system call returns an error when an invalid flag is passed (a previous issue with openat() was not knowing whether a given flag was supported by the current kernel) and makes the syscall more extensible for handling future file-system features. openat2() is explained in more detail via this Git commit.
Al Viro sent in the openat2() support via this pull request. Also part of the openat2() series are new resolution restriction flags for protecting against different race conditions and attack scenarios. The flags that can be passed to openat2() allow for blocking symlink traversals, blocking magic link traversals, blocking VFS mount traversals, and blocking any path components that resolve outside the starting point of the resolution.
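The following added example (not code from the article or from the kernel patch series) shows the resolution restrictions and the invalid-flag check from user space, calling openat2() through syscall(2). The helper names `open_restricted` and `make_sandbox` and the temporary directory layout are assumptions made for the demo; it needs a Linux 5.6 or later kernel and matching kernel headers.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <linux/openat2.h> /* struct open_how and the RESOLVE_* flags */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Open path relative to dirfd under the given RESOLVE_* restrictions.
 * Returns a file descriptor, or -errno on failure. */
static int open_restricted(int dirfd, const char *path, __u64 resolve)
{
    struct open_how how;
    memset(&how, 0, sizeof(how)); /* fields we do not set must be zero */
    how.flags = O_RDONLY | O_CLOEXEC;
    how.resolve = resolve;
    long fd = syscall(SYS_openat2, dirfd, path, &how, sizeof(how));
    return fd < 0 ? -errno : (int)fd;
}

/* Constructed sandbox: a fresh temp dir holding data.txt and link -> data.txt.
 * Returns a directory fd for it, or -errno on failure. */
static int make_sandbox(void)
{
    char dir[] = "/tmp/openat2-demo-XXXXXX";
    if (!mkdtemp(dir)) return -errno;
    int dfd = open(dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (dfd < 0) return -errno;
    int fd = openat(dfd, "data.txt", O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || symlinkat("data.txt", dfd, "link") < 0) return -errno;
    close(fd);
    return dfd;
}

int main(void)
{
    int dfd = make_sandbox();
    if (dfd < 0) { fprintf(stderr, "setup: %s\n", strerror(-dfd)); return 1; }
    /* Negative results are -errno values. */
    printf("data.txt, RESOLVE_BENEATH:  %d\n", open_restricted(dfd, "data.txt", RESOLVE_BENEATH));
    printf("\"..\", RESOLVE_BENEATH:      %d\n", open_restricted(dfd, "..", RESOLVE_BENEATH));
    printf("link, RESOLVE_NO_SYMLINKS:  %d\n", open_restricted(dfd, "link", RESOLVE_NO_SYMLINKS));
    printf("unknown resolve bit:        %d\n", open_restricted(dfd, ".", 1ULL << 63));
    return 0;
}
```

On a supporting kernel the first call succeeds, the `..` lookup fails with EXDEV, the symlink lookup fails with ELOOP, and the undefined resolve bit is rejected with EINVAL rather than being silently ignored.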