open(2): update ENOTCAPABLE description for .. lookups

After r308212 Capsicum permits .. lookups in capability mode, as long as path component traversal does not escape the directory corresponding to the provided file descriptor. We should add a description of the vfs.lookup_cap_dotdot and vfs.lookup_cap_dotdot_nonlocal sysctls, perhaps as a cross-reference to capsicum(4). I intend to look at that soon. Reviewed by: bjk, cem, kib MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D12343
2017-09-15 20:05:55 +00:00 · 2017-09-15 20:05:55 +00:00 · 487214afa5
commit 487214afa5
parent 011e84e0a7
1 changed files with 4 additions and 2 deletions
--- a/lib/libc/sys/open.2
+++ b/lib/libc/sys/open.2
@ -28,7 +28,7 @@
 .\"     @(#)open.2	8.2 (Berkeley) 11/16/93
 .\" $FreeBSD$
 .\"
-.Dd November 22, 2016
+.Dd September 15, 2017
 .Dt OPEN 2
 .Os
 .Sh NAME
@ -487,7 +487,9 @@ is specified and the process is in capability mode.
 was called and the process is in capability mode.
 .It Bq Er ENOTCAPABLE
 .Fa path
-is an absolute path or contained "..".
+is an absolute path or contained a ".." component leading to a
+directory outside of the directory hierarchy specified by
+.Fa fd .
 .El
 .Sh SEE ALSO
 .Xr chmod 2 ,