At the moment, Root::create_file is explcitly O_CREAT|O_EXCL|O_NOFOLLOW which is the most secure and straight-forward implemementation that will work regardless of the resolver implementation.
However, it seems possible users might prefer having more open-like O_CREAT support. Namely:
O_CREAT without O_EXCL, to allow you to create-or-open an existing directory (possibly with O_TRUNC). This is a fairly common thing programs do, so blocking it in the interests of safety is probably something people will bristle against.O_CREAT without O_NOFOLLOW allows you to create the target of a dangling symlink. I suspect this is a very rarely-used feature of O_CREAT (and I view it as a mis-feature) but it is something that it is not reasonably possible to emulate as a libpathrs user without going through a lot of hoops. It's not clear to me whether this is going to be reasonable to implement for the O_PATH resolver (for openat2 it's trivial).
At the moment,
Root::create_fileis explcitlyO_CREAT|O_EXCL|O_NOFOLLOWwhich is the most secure and straight-forward implemementation that will work regardless of the resolver implementation.However, it seems possible users might prefer having more
open-likeO_CREATsupport. Namely:O_CREATwithoutO_EXCL, to allow you to create-or-open an existing directory (possibly withO_TRUNC). This is a fairly common thing programs do, so blocking it in the interests of safety is probably something people will bristle against.O_CREATwithoutO_NOFOLLOWallows you to create the target of a dangling symlink. I suspect this is a very rarely-used feature ofO_CREAT(and I view it as a mis-feature) but it is something that it is not reasonably possible to emulate as alibpathrsuser without going through a lot of hoops. It's not clear to me whether this is going to be reasonable to implement for theO_PATHresolver (foropenat2it's trivial).