syscall_wrappers: add PROTECT_LOOKUP, PROTECT_OPEN,…

src/lxc/file_utils.c

@@ -621,8 +621,8 @@ bool exists_file_at(int dir_fd, const char *path)
 	return fstatat(dir_fd, path, &sb, 0) == 0;
 }
 
-int open_at(int dfd, const char *path, mode_t mode, unsigned int o_flags,
-	    unsigned int resolve_flags)
+int open_at(int dfd, const char *path, unsigned int o_flags,
+	    unsigned int resolve_flags, mode_t mode)
 {
 	__do_close int fd = -EBADF;
 	struct lxc_open_how how = {
@@ -638,7 +638,7 @@ int open_at(int dfd, const char *path, mode_t mode, unsigned int o_flags,
 	if (errno != ENOSYS)
 		return -errno;
 
-	return openat(dfd, path, O_NOFOLLOW | o_flags);
+	return openat(dfd, path, O_NOFOLLOW | o_flags, mode);
 }
 
 int fd_make_nonblocking(int fd)

src/lxc/file_utils.h

@@ -81,15 +81,11 @@ __hidden extern FILE *fdopenat(int dfd, const char *path, const char *mode);
 __hidden extern FILE *fopen_cached(const char *path, const char *mode, void **caller_freed_buffer);
 __hidden extern bool exists_dir_at(int dir_fd, const char *path);
 __hidden extern bool exists_file_at(int dir_fd, const char *path);
-__hidden extern int open_at(int dfd, const char *path, mode_t mode,
-                            unsigned int o_flags, unsigned int resolve_flags);
+__hidden extern int open_at(int dfd, const char *path, unsigned int o_flags,
+			    unsigned int resolve_flags, mode_t mode);
 static inline int open_beneath(int dfd, const char *path, unsigned int flags)
 {
-	return open_at(dfd, path, 0, flags,
-		       RESOLVE_NO_XDEV |
-		       RESOLVE_NO_SYMLINKS |
-		       RESOLVE_NO_MAGICLINKS |
-		       RESOLVE_BENEATH);
+	return open_at(dfd, path, flags, PROTECT_LOOKUP_BENEATH, 0);
 }
 __hidden int fd_make_nonblocking(int fd);
 __hidden extern char *read_file_at(int dfd, const char *fnam);