Article 4NRP6 [$] Restricting path name lookup with openat2()

by corbet from LWN.net on (#4NRP6)
Looking up a file given a path name seems like a straightforward task, but it turns out to be one of the more complex things the kernel does. Things get more complicated if one is trying to write robust (user-space) code that can do the right thing with paths that are controlled by a potentially hostile user. Attempts to make the open() and openat() system calls safer date back at least to an attempt to add O_BENEATH in 2014, but numerous problems remain. Aleksa Sarai, who has been working in this area for a while, has now concluded that a new version of openat(), naturally called openat2(), is required to truly solve this problem.