[$] Restricting pathname resolution with AT_NO_JUMPS

On April 29, Al Viro posted apatch on the linux-api mailing list adding a new flag to be used inconjunction with the ...at() family of system calls. The flag is forcontaining pathname resolution to the same filesystem and subtree asthe given starting point. This is a useful feature to have forimplementing file I/O in programs that accept pathnames as untrusted userinput. The ensuing discussion made it clear that there were multiple usecases for such a feature, especially if the granularity of its restrictionscould be increased.