upstream kernel hardening: O_EMPTYPATH #16
Description
We need to have an alternative interface to re-open through /proc/self/fd/$n. Because it's possible to bind-mount over magic-links we can't trust /proc/self/fd/$n and thus need a proc-less way to do this.
This is a prerequisite of #7 and #15.
#42 solves this problem for the most part, except for unprivileged users where an attacker can modify the mount table while you're doing the lookup. It would be nice to solve this though.