dirfd: preliminary unix and windows implementations

[Qelxiros]

Tracking issue: #120426

As per this comment, this issue needs someone to start work on an implementation, so I've implemented a couple functions for UNIX. There's a lot more work to be done here (most of the feature), so I'd love some guidance on what needs fixing in this PR and any notes on how to proceed. Thanks!

try-job: x86_64-msvc*
try-job: test-various*
try-job: dist-various*

[rustbot]

r? @workingjubilee

rustbot has assigned @workingjubilee.
They will have a look at your PR within the next two weeks and either review your PR or reassign to another reviewer.

Use r? to explicitly pick a reviewer

[jieyouxu]

r? libs

[bors]

☔ The latest upstream changes (presumably #140608) made this pull request unmergeable. Please resolve the merge conflicts.

[Qelxiros]

@tgross35 This has been waiting for a review for two weeks. Should I reroll another reviewer? I'm not sure what the process is here, but I don't want it to slip through the cracks. Is this PR mergeable in it's current state or is there something more I need to implement? Obviously there are more functions in the ACP, but I want to make sure I'm on the right track with what I have.

[ChrisDenton]

Sorry for the delay, quite a lot of us were away for a week+. I can take an initial look at the Windows code.

[Qelxiros]

All good on the delay, and thanks for the review! Those issues should be good now. As a side note to whoever does the next review, there have been a lot of changes on the unix side too since the last review.

[Qelxiros]

@tgross35 are you able to review this?

[tgross35]

@bors2 try

[rust-bors]

⌛ Trying commit f4d6ffc with merge 17a8062…

To cancel the try build, run the command @bors2 try cancel.

[rust-bors]

💔 Test failed

• CI ❌

[Qelxiros]

The default checks aren't useful for testing other platforms.

@bors2 try

[rust-bors]

@Qelxiros: 🔑 Insufficient privileges: not in try users

[tgross35]

@bors2 try

[rust-bors]

⌛ Trying commit d4a9a2b with merge 8b59c72…

To cancel the try build, run the command @bors2 try cancel.

[rust-bors]

💔 Test failed

• CI ❌

[Qelxiros]

@tgross35 I think it'll work now, if you want to try again (pun intended).

[the8472]

I'm not sure if we should guarantee read-only. Directories aren't entirely consistent across unixes.
They different flavors of O_EXEC, O_SEARCH or O_PATH to indicate to open directories for traversal, not necessarily for readdir.

That kind of access can be sufficient for openat for example to traverse deeper into a directory with 0o100 permissions.

Either we can try read access and fallback to traversal-only or always try traversal-only and require the use of OpenOptions::read(true) to make that request.

Currently OpenOptions has no way to express those O_EXEC&Co. except via platform-specifc extension traits.

[Qelxiros]

Do you have tips to find which flag it is for each unix?

I think requiring OpenOptions::read(true) is the better option. Trying for read access and then falling back would either lead to a more complex api (to communicate which method succeeded) or ambiguous results (if we don't communicate that). There might also be a TOCTOU risk, but I'm not sure of that.

Might there also be potential for confusion when refactoring from open to open_with? Is it worth adding a function like open_for_traversal which uses O_EXEC or similar when available and delegates to open otherwise?

Finally, is this blocking? It seems more important that I finish the DirEntry api, and I suspect this is only one of several aspects that face bikeshedding before or during an FCP.

[the8472]

This gives us a File, but for traversal one might need a child-Dir. So we'll need another method for that.

[Qelxiros]

Should this be in addition to create_dir()?