On Tue, Jun 23, 2026 at 6:03 PM Dag-Erling Smørgrav <[email protected]> wrote: > > Alan Somers <[email protected]> writes: > > commit e03ed9daeb49fffa1d16b8d00240c65e92650d01 > > Author: Jitendra Bhati <[email protected]> > > AuthorDate: 2026-06-12 17:07:55 +0000 > > Commit: Alan Somers <[email protected]> > > CommitDate: 2026-06-23 14:53:56 +0000 > > > > fts: refactor to use fd-relative operations internally > > > > Replace all _open() calls with _openat() in __fts_open(), fts_read(), > > and fts_children(). > > > > Add fts_dirfd to FTSENT. Callers can use > > openat(ent->fts_dirfd, ent->fts_name, ...) to access files > > safely without relying on fts_accpath, which enables: > > > > 1. Capsicum capability mode where path-based operations fail > > 2. Security-sensitive programs that avoid TOCTOU races > > > > Replace statfs(ent->fts_path) with _fstatfs(ent->fts_dirfd) in > > fts_ufslinks() when fts_dirfd is valid, falling back to statfs() for > > root-level entries where fts_dirfd is -1 > > > > This is a preparatory change for fts_openat() which will allow > > callers to provide a pre-opened directory fd, enabling fts(3) > > traversal inside Capsicum capability mode. > > > > Sponsored by: Google LLC (GSoC 2026) > > Reviewed by: asomers, jillest > > MFC after: 2 weeks > > Pull Request: https://github.com/freebsd/freebsd-src/pull/2278 > > This needs to be reverted. It changes struct _ftsent which is part of > the libc ABI. You will have to fork FTS (again) and have one version > with fts_dirfd and fts_openat() and one without.
I don't think there's any guarantee that the size of _ftsent is fixed. Since the API only passes FTSENT around by pointer, we are free to add fields. Or am I missing something?
