Comment 1 Ed Maste 2023-11-24 15:01:01 UTC

Looks like that flag is:
#define AT_SYMLINK_NOFOLLOW     0x100   /* Do not follow symbolic links.  */

Are you able to apply a patch and build a new kernel to test?

Comment 2 Ed Maste 2023-11-24 15:06:46 UTC

Ah, more extensive change is required, note the XXX comment in linux_faccessat2:

int
linux_faccessat2(struct thread *td, struct linux_faccessat2_args *args)
{
        int flags, unsupported;

        /* XXX. AT_SYMLINK_NOFOLLOW is not supported by kern_accessat */
        unsupported = args->flags & ~(LINUX_AT_EACCESS | LINUX_AT_EMPTY_PATH);
        if (unsupported != 0) {
                linux_msg(td, "faccessat2 unsupported flag 0x%x", unsupported);
                return (EINVAL);
        }

(In reply to Ed Maste from comment #1)

I would be more than happy to help with testing provided patches. No problem with either patching and building.

Comment 4 Ed Maste 2023-11-24 16:27:17 UTC

(In reply to Kenneth Raplee from comment #3)
Great, thanks. I thought I was going to have a straightforward, small patch to test before finding the source code comment that I left in PR comment #2.

(In reply to Ed Maste from comment #4)
It's understood. I still wanted to put myself out there for testing. :)

I have the same issue in jailed Devuan:

linux: jid 18 pid 4585 (python3.11): unsupported setsockopt level 6 optname 31

Comment 7 Fernando Apesteguía 2024-08-09 17:55:36 UTC

Created attachment 252634 [details]
Patch to support AT_SYMLINK_NOFOLLOW in faccess(2)

I gave this a try and came up with this patch. It adds support for AT_SYMLINK_NOFOLLOW in faccessat(2) and it removes the restriction in linux_faccessat2. I didn't test the linuxolator part though.

Would you test it? You don't need to build world, that is only to update a couple of manual pages.

I tested this with access_test.c and the following files:

~/test$ ls -l file link_to_file
--w-------  1 fernape fernape 0 Jul 29 19:23 file
lrwxr-xr-x  1 fernape fernape 4 Jul 29 19:23 link_to_file@ -> file

~/test$ ./a.out file link_to_file 
accessat: Permission denied
accessat: Permission denied
With AT_SYMLINK_NOFOLLOW:
accessat: Permission denied
link is accessible

Comment 8 Fernando Apesteguía 2024-08-09 17:56:19 UTC

Created attachment 252635 [details]
Build with clang -Wall access_test.c

Test program.

(In reply to Fernando Apesteguía from comment #7)
It looks like I got the same result after applying your patch, rebuilding my entire system from habit, and then running your test program.

```
kenrap@freebsd [~/Projects/access_test] % ls -l
total 14
-rwxr-xr-x  1 kenrap kenrap 10688 Aug  9 12:07 a.out
-rw-r--r--  1 kenrap kenrap  1336 Aug  9 12:07 access_test.c
--w-------  1 kenrap kenrap     0 Aug  9 12:06 file
lrwxr-xr-x  1 kenrap kenrap     4 Aug  9 12:06 link_to_file -> file
kenrap@freebsd [~/Projects/access_test] % ./a.out file link_to_file
accessat: Permission denied
accessat: Permission denied
With AT_SYMLINK_NOFOLLOW:
accessat: Permission denied
link is accessible
```

My current build is from the d349bd35330d commit:
https://cgit.freebsd.org/src/commit/?id=d349bd35330d3ec7ce1d3e7d6c2d6fc1f6a95704

Also, would you like me to test by using an Ubuntu linuxulator? I would need to setup one again.

Comment 10 Konstantin Belousov 2024-08-09 21:23:26 UTC

Please put the patch on phab.

Comment 11 Fernando Apesteguía 2024-08-09 21:34:45 UTC

(In reply to Konstantin Belousov from comment #10)
Will do during the weekend.

Thanks.

So I went ahead and made a Devuan jail for testing. This choice was both inspired by Sergei's earlier comment and to go with a systemd-less jail to possibly reduce complications and problems with the linuxulation.

While running Brave didn't work again, it did produce a different error due to Devuan's bash not using libtinfo6 which is already installed as a package. I see this as progress nonetheless. :)

kenrap@freebsd [~] % linux-brave
/usr/jails/devuan/rootfs/bin/bash: error while loading shared libraries: libtinfo.so.6: cannot open shared object file: No such file or directory

Comment 13 Fernando Apesteguía 2024-08-10 11:48:02 UTC

(In reply to Konstantin Belousov from comment #10)
Done: https://reviews.freebsd.org/D46267

I took the liberty of adding you as reviewer.

Comment 14 commit-hook 2024-08-11 15:55:20 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=5ab6ed93cd3680f8b69dd4d05823f4740a2bdef9

commit 5ab6ed93cd3680f8b69dd4d05823f4740a2bdef9
Author:     Fernando Apesteguía <fernape@FreeBSD.org>
AuthorDate: 2024-08-11 15:43:04 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2024-08-11 15:49:06 +0000

    faccessat(2): Honor AT_SYMLINK_NOFOLLOW

    Make the system call honor `AT_SYMLINK_NOFOLLOW`.

    Also enable this from `linux_faccessat2` where the issue arised the first time.
    Update manual pages accordingly.

    PR:                     275295
    Reported by:            kenrap@kennethraplee.com
    Approved by:            kib@
    Differential Revision:  https://reviews.freebsd.org/D46267

 bin/ln/symlink.7              | 3 ++-
 lib/libsys/access.2           | 6 +++++-
 sys/compat/linux/linux_file.c | 6 ++++--
 sys/kern/vfs_syscalls.c       | 7 ++++---
 4 files changed, 15 insertions(+), 7 deletions(-)

Comment 15 Fernando Apesteguía 2024-08-11 15:57:42 UTC

(In reply to Kenneth Raplee from comment #12)
Hi Kenneth, 

Thanks for the feedback. The patch for faccessat(2) has landed in the tree.
I would like to close this issue.

Would you mind opening a separate PR for the libtinfo issue?

(In reply to Fernando Apesteguía from comment #15)
Sure thing! I just opened it here:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280760

And thanks for the fix and getting it landed so soon! :)

Comment 17 commit-hook 2024-09-26 14:48:05 UTC

A commit in branch stable/14 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=ddbbc129ae0fc35cef2834b308097ae1490176e3

commit ddbbc129ae0fc35cef2834b308097ae1490176e3
Author:     Fernando Apesteguía <fernape@FreeBSD.org>
AuthorDate: 2024-08-11 15:43:04 +0000
Commit:     Ed Maste <emaste@FreeBSD.org>
CommitDate: 2024-09-26 13:13:50 +0000

    faccessat(2): Honor AT_SYMLINK_NOFOLLOW

    Make the system call honor `AT_SYMLINK_NOFOLLOW`.

    Also enable this from `linux_faccessat2` where the issue arised the first time.
    Update manual pages accordingly.

    PR:                     275295
    Reported by:            kenrap@kennethraplee.com
    Approved by:            kib@
    Differential Revision:  https://reviews.freebsd.org/D46267

    (cherry picked from commit 5ab6ed93cd3680f8b69dd4d05823f4740a2bdef9)

 bin/ln/symlink.7              | 5 ++---
 lib/libc/sys/access.2         | 8 +++++---
 sys/compat/linux/linux_file.c | 6 ++++--
 sys/kern/vfs_syscalls.c       | 7 ++++---
 4 files changed, 15 insertions(+), 11 deletions(-)