>> For access checks, [...].  I think it would be better to have
>> something like the fh*() family of syscalls for this purpose

> Opening directly by file handle using fhopen(2) has problems.

> Notably: In Unix, restricting the permissions of a common parent in
> the directory hierarchy effectively restricts the permissions
> underneath that common parent, because people can't traverse the
> common parent to get to the children.

Yes.  But note that for calls that involve a path walk, I was
recommending using the path which is already at hand.  Something
fh*()-like was only for calls which don't involve paths, and for those,
you must already have access to the vnode anyway, so performing checks
based on a path walk is inappropriate.  After all, if you open a file
and then, while it's open, protect the path, it doesn't prevent you
from accessing the file as long as you keep it open.

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse@rodents.montreal.qc.ca
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B