1 files changed, 81 insertions, 2 deletions
diff --git a/lib/libsys/open.2 b/lib/libsys/open.2
index d8540637b690..a0e905a8f375 100644
--- a/lib/libsys/open.2
+++ b/lib/libsys/open.2
@@ -25,7 +25,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd February 28, 2025
+.Dd May 17, 2025
 .Dt OPEN 2
 .Os
 .Sh NAME
@@ -195,6 +195,9 @@ error if file is not a directory
 .It Dv O_CLOEXEC
 automatically close file on
 .Xr execve 2
+.It Dv O_CLOFORK
+automatically close file on any child process created with
+.Fn fork 2
 .It Dv O_VERIFY
 verify the contents of the file with
 .Xr mac_veriexec 4
@@ -210,6 +213,8 @@ record only the target path in the opened descriptor
 open file referenced by
 .Fa fd
 if path is empty
+.It Dv O_NAMEDATTR
+open a named attribute or named attribute directory
 .El
 .Pp
 Exactly one of the flags
@@ -358,6 +363,27 @@ may be used to set
 .Dv FD_CLOEXEC
 flag for the newly returned file descriptor.
 .Pp
+.Dv O_CLOFORK
+may be used to set
+.Dv FD_CLOFORK
+flag for the newly returned file descriptor.
+The file will be closed on any child process created with
+.Fn fork 2 ,
+.Fn vfork 2
+or
+.Fn rfork 2
+with the
+.Dv RFFDG
+flag, remaining open in the parent.
+Both the
+.Dv O_CLOEXEC
+and
+.Dv O_CLOFORK
+flags can be modified with the
+.Dv F_SETFD
+.Fn fcntl 2
+command.
+.Pp
 .Dv O_VERIFY
 may be used to indicate to the kernel that the contents of the file should
 be verified before allowing the open to proceed.
@@ -464,6 +490,13 @@ flag for
 .Xr fstatat 2
 and related syscalls.
 .Pp
+Conversely, a file descriptor
+.Dv fd
+referencing a filesystem file can be converted to the
+.Dv O_PATH
+type of descriptor by using the following call
+.Dl opath_fd = openat(fd, \[dq]\[dq], O_EMPTY_PATH | O_PATH);
+.Pp
 If successful,
 .Fn open
 returns a non-negative integer, termed a file descriptor.
@@ -499,6 +532,42 @@ and the description of the
 .Dv O_CLOEXEC
 flag.
 .Pp
+When the
+.Dv O_NAMEDATTR
+flag is specified for an
+.Fn openat
+where the
+.Fa fd
+argument is for a file object,
+a named attribute for the file object
+is opened and not the file object itself.
+If the
+.Dv O_CREAT
+flag has been specified as well, the named attribute will be
+created if it does not exist.
+When the
+.Dv O_NAMEDATTR
+flag is specified for a
+.Fn open ,
+a named attribute for the current working directory is opened and
+not the current working directory.
+The
+.Fa path
+argument for this
+.Fn openat
+or
+.Fn open
+must be a single component name with no embedded
+.Ql / .
+If the
+.Fa path
+argument is
+.Ql .\&
+then the named attribute directory for the file object is opened.
+(See
+.Xr named_attribute 7
+for more information.)
+.Pp
 The system imposes a limit on the number of file descriptors
 open simultaneously by one process.
 The
@@ -730,6 +799,10 @@ contains a ".." component, the
 .Dv vfs.lookup_cap_dotdot
 .Xr sysctl 3
 is set, and the process is in capability mode.
+.It Bq Er ENOATTR
+.Dv O_NAMEDATTR
+has been specified and the file object is not a named attribute
+directory or named attribute.
 .El
 .Sh SEE ALSO
 .Xr chmod 2 ,
@@ -745,7 +818,8 @@ is set, and the process is in capability mode.
 .Xr umask 2 ,
 .Xr write 2 ,
 .Xr fopen 3 ,
-.Xr capsicum 4
+.Xr capsicum 4 ,
+.Xr named_attribute 7
 .Sh STANDARDS
 These functions are specified by
 .St -p1003.1-2008 .
@@ -794,6 +868,11 @@ function was introduced in
 .Fx 8.0 .
 .Dv O_DSYNC
 appeared in 13.0.
+.Dv O_NAMEDATTR
+appeared in 15.0.
+.Dv O_CLOFORK
+appeared in
+.Fx 15.0 .
 .Sh BUGS
 The
 .Fa mode