K 10
svn:author
V 7
rwatson
K 8
svn:date
V 27
2010-01-30T19:15:40.427705Z
K 7
svn:log
V 606
Merge c171017 from the p4 TrustedBSD Capabilities branch to capabilities8:

  Add openat(2) in capability mode.

  openat(2) is now permitted in capability mode, subject to the
  constraint that the relative path must not "escape" the FD that
  the lookup is being conducted relative to. This results in EPERM
  when in capability mode (no change otherwise).

  openat(2) also now wraps the resulting FD with a capability if the
  directory FD was a capability. The rights of the new capability
  are identical to those of the original.

Submitted by:	Jonathan Anderson <jonathan.anderson at cl.cam.ac.uk>

END