| SYD-OFD(1) | General Commands Manual | SYD-OFD(1) |
syd-ofd - Take a lock on a file, then execute into another program
syd-ofd [-n | -N] [-t timeout] [-d fd] [-s=-r | -x=-w] file {command [arg...]}
syd-ofd takes a lock on a file, then executes into another program. It is functionally identical to the s6-setlock(1) utility except it uses OFD locks which are new in POSIX 2024. This lock type is also known as "file-private locks" and is open file description-based rather than process based like the old-style POSIX locks that s6-setlock(1) uses. This allows syd(1) to pass the file descriptor to the sandbox process and close its own copy while the sandbox process still holding the lock which is not possible with old style locks and s6-setlock(1).
| -h | Display help. |
| -n | Nonblocking lock. If syd-ofd cannot acquire the lock, it will exit 11 ("EAGAIN": Try again) immediately. |
| -N | Blocking lock. syd-ofd will wait until it can acquire the lock. This is the default. |
| -t timeout | Timed lock. If syd-ofd cannot acquire the lock after timeout milliseconds, it will exit 4 ("EINTR": Interrupted system call). |
| -s=-r | Shared lock. Other shared locks on the same file will not prevent the lock from being acquired (but an exclusive lock will). |
| The -r option is retained for compatibility with the s6-setlock(1) utility. | |
| -x=-w | Exclusive lock. This is the default. |
| The -w option is retained for compatibility with the s6-setlock(1) utility. | |
| -d fd | Make the lock visible in program on file descriptor fd. |
On clean exit, syd-ofd exits with the same code as the child process. On unclean termination, exit code is set to 128 plus signal number. In case executing the child process fails syd-ofd exits with the errno(3) number.
syd-ofd uses openat(2) with the resolve flags RESOLVE_NO_MAGICLINKS and RESOLVE_NO_SYMLINKS when opening or creating the lock file. Consequently, if any component of the specified path is a symbolic link, the call fails and returns error code 40 (ELOOP: "Too many symbolic links encountered"). In the same manner, the presence of any .. (dot-dot) component in the lock-file path causes the call to fail and return error code 13 (EACCES: "Permission denied"). This restriction is intended to mitigate confused-deputy vulnerabilities during lock-file creation and related file operations by preventing an intermediary or less-privileged actor from redirecting the operation via symbolic links or parent-directory (..) components to an unintended filesystem location.
syd(1), syd(2), syd(5), syd-lock(1), syd-mdwe(1), syd-pds(1), syd-sec(1), s6-setlock(1), fcntl(2), F_OFD_SETLKW(2const), openat2(2)
Maintained by Ali Polatel. Up-to-date sources can be found at https://gitlab.exherbo.org/sydbox/sydbox.git and bugs/patches can be submitted to https://gitlab.exherbo.org/groups/sydbox/-/issues. Discuss in #sydbox on Libera Chat or in #sydbox:mailstation.de on Matrix.
| 2025-11-14 |