gh-89341: Support creation of a link to the file by fd

[serhiy-storchaka]

• Issue: Support linking unnamed temp files into filesystem on Linux #89341

[vstinner]

On my Fedora 42, I can use AT_EMPTY_PATH as a regular user. I don't need to be root.

[serhiy-storchaka]

This is difficult to check. What getpcaps $$ and cat /proc/$$/status | grep CapEff return to you.

[vstinner]

vstinner@mona$ getpcaps $$
103445: cap_wake_alarm=i
vstinner@mona$ cat /proc/$$/status | grep CapEff
CapEff:	0000000000000000

[serhiy-storchaka]

It does not look like your shell has such capability. Maybe Fedora has patches that ignores it?

[vstinner]

My test which works as a normal user on Fedora 42:

import tempfile
import os
import ctypes

TESTNAME = b"linkat_test"

libc = ctypes.cdll.LoadLibrary("libc.so.6")
linkat = libc.linkat
linkat.argtypes = (
    ctypes.c_int,
    ctypes.c_char_p,
    ctypes.c_int,
    ctypes.c_char_p,
    ctypes.c_int,
)
linkat.restype = ctypes.c_int

AT_FDCWD = -100
AT_EMPTY_PATH = 0x1000

def link_file(fd):
    res = linkat(fd, b"",
                 AT_FDCWD, TESTNAME,
                 AT_EMPTY_PATH)
    if res:
        errno = ctypes.get_errno()
        print("linkat() failed: res", res, "errno", errno)
        raise OSError(errno)

try:
    os.unlink(TESTNAME)
except FileNotFoundError:
    pass

fd = os.open(".", os.O_WRONLY | os.O_TMPFILE)
os.write(fd, b"hello world\n")
link_file(fd)
os.close(fd)

with open(TESTNAME) as fp:
    print(fp.read(), end="")

os.unlink(TESTNAME)

[serhiy-storchaka]

It fails on Ubuntu.

linkat() failed: res -1 errno 0
Traceback (most recent call last):
  File "/home/serhiy/py/cpython/t136302.py", line 37, in <module>
    link_file(fd)
    ~~~~~~~~~^^^^
  File "/home/serhiy/py/cpython/t136302.py", line 28, in link_file
    raise OSError(errno)
OSError: 0

[vstinner]

I don't know why Fedora behaves differently. Kernel code:

	/*
	 * To use null names we require CAP_DAC_READ_SEARCH or
	 * that the open-time creds of the dfd matches current.
	 * This ensures that not everyone will be able to create
	 * a hardlink using the passed file descriptor.
	 */
	if (flags & AT_EMPTY_PATH)
		how |= LOOKUP_LINKAT_EMPTY;

[serhiy-storchaka]

I think that torvalds/linux@42bd2af is the cause.

There was no condition "or that the open-time creds of the dfd matches current" initially. This change makes the feature more usable.

I have pretty old kernel (was not able to boot with newer kernels after upgrade), so I cannot test this. I am not particularly interested in this feature. You can continue work (update the test, add the documentation) if you wish.