High-Performance-IO · marcoSanti · Aug 1, 2025 · Aug 1, 2025
diff --git a/src/common/capio/constants.hpp b/src/common/capio/constants.hpp
@@ -155,6 +155,10 @@ constexpr char CAPIO_SERVER_ARG_PARSER_CONFIG_NCONTINUE_ON_ERROR_HELP[] =
     "specified,  and a fatal termination point is reached, the behaviour of capio is undefined and "
     "should not  be taken as valid";
 
+constexpr char CAPIO_SERVER_ARG_PARSER_CONFIG_RESOLVE_RELATIVE_TO_HELP[] =
+    "When finding relative paths in the CAPIO-CL configuration file, resolve them relative to the "
+    "provided path";
+
 constexpr char CAPIO_SERVER_ARG_PARSER_CONFIG_CONTROL_PLANE_BACKEND[] =
     "Which control plane backend to used. Options: <multicast | fs>. Defaults to <multicast>";
 

diff --git a/src/posix/handlers.hpp b/src/posix/handlers.hpp
@@ -17,7 +17,6 @@
 #include "handlers/fgetxattr.hpp"
 #include "handlers/fork.hpp"
 #include "handlers/getcwd.hpp"
-#include "handlers/getdents.hpp"
 #include "handlers/ioctl.hpp"
 #include "handlers/lseek.hpp"
 #include "handlers/mkdir.hpp"

diff --git a/src/posix/handlers/access.hpp b/src/posix/handlers/access.hpp
@@ -19,7 +19,11 @@ int access_handler(long arg0, long arg1, long arg2, long arg3, long arg4, long a
         path = capio_posix_realpath(pathname);
     }
 
-    consent_request_cache_fs->consent_request(path, tid, __FUNCTION__);
+    char resolved_path[PATH_MAX];
+    syscall_no_intercept(SYS_readlink, path.c_str(), resolved_path, PATH_MAX);
+    LOG("Resolved symlink path: %s", resolved_path);
+
+    consent_request_cache_fs->consent_request(resolved_path, tid, __FUNCTION__);
     return CAPIO_POSIX_SYSCALL_REQUEST_SKIP;
 }
 #endif // SYS_access
@@ -32,8 +36,8 @@ int faccessat_handler(long arg0, long arg1, long arg2, long arg3, long arg4, lon
     auto tid = static_cast<pid_t>(syscall_no_intercept(SYS_gettid));
     START_LOG(tid, "call()");
 
-    if (is_forbidden_path(pathname)) {
-        LOG("Path %s is forbidden: skip", pathname.data());
+    if (is_forbidden_path(pathname) || !is_capio_path(pathname)) {
+        LOG("Path %s is forbidden or is not a capio path: skip", pathname.data());
         return CAPIO_POSIX_SYSCALL_REQUEST_SKIP;
     }
 
@@ -58,7 +62,11 @@ int faccessat_handler(long arg0, long arg1, long arg2, long arg3, long arg4, lon
         }
     }
 
-    consent_request_cache_fs->consent_request(path, tid, __FUNCTION__);
+    char resolved_path[PATH_MAX];
+    syscall_no_intercept(SYS_readlink, path.c_str(), resolved_path, PATH_MAX);
+    LOG("Resolved symlink path: %s", resolved_path);
+
+    consent_request_cache_fs->consent_request(resolved_path, tid, __FUNCTION__);
     return CAPIO_POSIX_SYSCALL_REQUEST_SKIP;
 }
 #endif // SYS_faccessat

diff --git a/src/posix/handlers/chdir.hpp b/src/posix/handlers/chdir.hpp
@@ -11,22 +11,22 @@ int chdir_handler(long arg0, long arg1, long arg2, long arg3, long arg4, long ar
     auto tid = static_cast<pid_t>(syscall_no_intercept(SYS_gettid));
 
     START_LOG(tid, "call(path=%s)", pathname.data());
-
-    syscall_no_intercept_flag = true;
+
     if (is_forbidden_path(pathname) || !is_capio_path(pathname)) {
         LOG("Path %s is forbidden: skip", pathname.data());
-        syscall_no_intercept_flag = false;
         return CAPIO_POSIX_SYSCALL_SKIP;
     }
 
     std::filesystem::path path(pathname);
     if (path.is_relative()) {
         path = capio_posix_realpath(path);
     }
+    char resolved_path[PATH_MAX];
+    syscall_no_intercept(SYS_readlink, path.c_str(), resolved_path, PATH_MAX);
+    LOG("Resolved symlink path: %s", resolved_path);
 
-    consent_request_cache_fs->consent_request(path, tid, __FUNCTION__);
+    consent_request_cache_fs->consent_request(resolved_path, tid, __FUNCTION__);
 
-    syscall_no_intercept_flag = false;
     // if not a capio path, then control is given to kernel
     return CAPIO_POSIX_SYSCALL_SKIP;
 }

diff --git a/src/posix/handlers/getdents.hpp b/src/posix/handlers/getdents.hpp
diff --git a/src/posix/handlers/mkdir.hpp b/src/posix/handlers/mkdir.hpp
@@ -33,7 +33,11 @@ inline off64_t capio_mkdirat(int dirfd, const std::string_view &pathname, mode_t
 
     if (is_capio_path(path)) {
 
-        create_request(-1, path, tid);
+        char resolved_path[PATH_MAX];
+        syscall_no_intercept(SYS_readlink, path.c_str(), resolved_path, PATH_MAX);
+        LOG("Resolved symlink path: %s", resolved_path);
+
+        create_request(-1, resolved_path, tid);
     }
     return CAPIO_POSIX_SYSCALL_REQUEST_SKIP;
 }

diff --git a/src/posix/handlers/open.hpp b/src/posix/handlers/open.hpp
@@ -87,18 +87,30 @@ int open_handler(long arg0, long arg1, long arg2, long arg3, long arg4, long arg
             create_request(-1, path.data(), tid);
         } else {
             LOG("not O_CREAT");
-            open_request(-1, path.data(), tid);
+            open_request(-1, path, tid);
         }
     } else {
         LOG("Not a CAPIO path. skipping...");
         return CAPIO_POSIX_SYSCALL_REQUEST_SKIP;
     }
 
-    int fd = static_cast<int>(syscall_no_intercept(SYS_open, arg0, arg1, arg2, arg3, arg4, arg5));
+    char resolved_path[PATH_MAX];
+    syscall_no_intercept(SYS_readlink, path.c_str(), resolved_path, PATH_MAX);
+    LOG("Resolved symlink path: %s", resolved_path);
+
+    /*
+     * Here it might happen that we try to open a symbolic link. instead of opening the link, we
+     * open the resolved link. in this way, when we get the associated path from the File
+     * descriptor, we ensure that the file descriptor is associated to the real file. This way the
+     * server always check on the real file and not on the link
+     */
+
+    int fd = static_cast<int>(syscall_no_intercept(SYS_open, reinterpret_cast<long>(resolved_path),
+                                                   arg1, arg2, arg3, arg4, arg5));
 
     if (is_capio_path(path) && fd >= 0) {
         LOG("Adding capio path");
-        add_capio_fd(tid, path, fd, 0, (flags & O_CLOEXEC) == O_CLOEXEC);
+        add_capio_fd(tid, resolved_path, fd, 0, (flags & O_CLOEXEC) == O_CLOEXEC);
     }
 
     *result = fd;
@@ -136,12 +148,20 @@ int openat_handler(long arg0, long arg1, long arg2, long arg3, long arg4, long a
         return CAPIO_POSIX_SYSCALL_REQUEST_SKIP;
     }
 
-    int fd = static_cast<int>(syscall_no_intercept(SYS_openat, arg0, arg1, arg2, arg3, arg4, arg5));
+    char resolved_path[PATH_MAX];
+    syscall_no_intercept(SYS_readlinkat, arg0, path.c_str(), resolved_path, PATH_MAX);
+    LOG("Resolved symlink path: %s", resolved_path);
+
+    /**
+     * Using readlinkat, we have the realpath of the symbolic link, and we can perform a normal open
+     */
+    int fd = static_cast<int>(syscall_no_intercept(SYS_open, reinterpret_cast<long>(resolved_path),
+                                                   arg1, arg2, arg3, arg4, arg5));
     LOG("fd=%d", fd);
 
     if (is_capio_path(path) && fd >= 0) {
         LOG("Adding capio path");
-        add_capio_fd(tid, path, fd, 0, (flags & O_CLOEXEC) == O_CLOEXEC);
+        add_capio_fd(tid, resolved_path, fd, 0, (flags & O_CLOEXEC) == O_CLOEXEC);
     }
 
     *result = fd;

diff --git a/src/posix/handlers/posix_readdir.hpp b/src/posix/handlers/posix_readdir.hpp
@@ -202,7 +202,12 @@ DIR *opendir(const char *name) {
     }
 
     LOG("Performing consent request to open directory %s", absolute_path.c_str());
-    consent_request_cache_fs->consent_request(absolute_path.c_str(), gettid(), __FUNCTION__);
+
+    char resolved_path[PATH_MAX];
+    syscall_no_intercept(SYS_readlink, absolute_path.c_str(), resolved_path, PATH_MAX);
+    LOG("Resolved symlink path: %s", resolved_path);
+
+    consent_request_cache_fs->consent_request(resolved_path, gettid(), __FUNCTION__);
 
     syscall_no_intercept_flag = true;
     auto dir                  = real_opendir(absolute_path.c_str());
@@ -211,7 +216,7 @@ DIR *opendir(const char *name) {
     if (directory_commit_token_path.find(absolute_path) == directory_commit_token_path.end()) {
         LOG("Commit token path was not found for path %s", absolute_path.c_str());
         auto token_path = new char[PATH_MAX]{0};
-        posix_directory_committed_request(capio_syscall(SYS_gettid), absolute_path, token_path);
+        posix_directory_committed_request(capio_syscall(SYS_gettid), resolved_path, token_path);
         LOG("Inserting token path %s", token_path);
         directory_commit_token_path.insert({absolute_path, token_path});
     }
@@ -222,7 +227,7 @@ DIR *opendir(const char *name) {
     directory_items->emplace(std::string(absolute_path), new std::vector<dirent64 *>());
 
     auto fd = dirfd(dir);
-    LOG("File descriptor for directory %s is %d", absolute_path.c_str(), fd);
+    LOG("File descriptor for directory %s is %d", resolved_path, fd);
 
     add_capio_fd(capio_syscall(SYS_gettid), absolute_path.c_str(), fd, 0, 0);
 

diff --git a/src/posix/handlers/stat.hpp b/src/posix/handlers/stat.hpp
@@ -28,7 +28,11 @@ inline int capio_lstat(const std::string_view &pathname, struct stat *statbuf, p
 
     const std::filesystem::path absolute_path(pathname);
     if (is_capio_path(absolute_path)) {
-        consent_request_cache_fs->consent_request(pathname, tid, __FUNCTION__);
+        char resolved_path[PATH_MAX];
+        syscall_no_intercept(SYS_readlink, absolute_path.c_str(), resolved_path, PATH_MAX);
+        LOG("Resolved symlink path: %s", resolved_path);
+
+        consent_request_cache_fs->consent_request(resolved_path, tid, __FUNCTION__);
     }
     return CAPIO_POSIX_SYSCALL_REQUEST_SKIP;
 }

diff --git a/src/posix/handlers/statx.hpp b/src/posix/handlers/statx.hpp
@@ -18,7 +18,11 @@ inline int capio_statx(int dirfd, const std::string_view &pathname, int flags, i
     std::filesystem::path path(pathname);
 
     if (is_capio_path(path)) {
-        consent_request_cache_fs->consent_request(path, tid, __FUNCTION__);
+        char resolved_path[PATH_MAX];
+        syscall_no_intercept(SYS_readlink, path.c_str(), resolved_path, PATH_MAX);
+        LOG("Resolved symlink path: %s", resolved_path);
+
+        consent_request_cache_fs->consent_request(resolved_path, tid, __FUNCTION__);
     }
     return CAPIO_POSIX_SYSCALL_REQUEST_SKIP;
 }

diff --git a/src/posix/libcapio_posix.cpp b/src/posix/libcapio_posix.cpp
@@ -287,12 +287,6 @@ static constexpr std::array<CPHandler_t, CAPIO_NR_SYSCALLS> build_syscall_table(
 #ifdef SYS_getcwd
     _syscallTable[SYS_getcwd] = getcwd_handler;
 #endif
-#ifdef SYS_getdents
-    _syscallTable[SYS_getdents] = getdents_handler;
-#endif
-#ifdef SYS_getdents64
-    _syscallTable[SYS_getdents64] = getdents64_handler;
-#endif
 #ifdef SYS_getxattr
     _syscallTable[SYS_getxattr] = not_implemented_handler;
 #endif

diff --git a/src/posix/utils/cache/consent_request_cache.hpp b/src/posix/utils/cache/consent_request_cache.hpp
@@ -5,9 +5,9 @@ class ConsentRequestCache {
     std::unordered_map<std::string, capio_off64_t> *available_consent;
 
     // Block until server allows for proceeding to a generic request
-    static inline capio_off64_t _consent_to_proceed_request(const std::filesystem::path &path,
-                                                            const long tid,
-                                                            const std::string &source_func) {
+    static capio_off64_t _consent_to_proceed_request(const std::filesystem::path &path,
+                                                     const long tid,
+                                                     const std::string &source_func) {
         START_LOG(capio_syscall(SYS_gettid), "call(path=%s, tid=%ld, source_func=%s)", path.c_str(),
                   tid, source_func.c_str());
         char req[CAPIO_REQ_MAX_SIZE];

diff --git a/src/posix/utils/requests.hpp b/src/posix/utils/requests.hpp
@@ -69,6 +69,15 @@ inline std::vector<std::regex> *file_in_memory_request(const long pid) {
         auto file = new char[PATH_MAX]{};
         stc_queue->read(file, PATH_MAX);
         LOG("Obtained path %s", file);
+
+        if (file[0] == '*') {
+            LOG("Obtained all file regex. converting it to be coherent with CAPIO paths");
+            auto c_dir = get_capio_dir().string();
+            memcpy(file, c_dir.c_str(), c_dir.length());
+            memcpy(file + c_dir.size(), "/*", 2);
+            LOG("Generated path relative to CAPIO_DIR: %s", file);
+        }
+
         regex_vector->emplace_back(generateCapioRegex(file));
         delete[] file;
     }

diff --git a/src/server/capio-cl-engine/capio_cl_engine.hpp b/src/server/capio-cl-engine/capio_cl_engine.hpp
@@ -122,21 +122,6 @@ class CapioCLEngine {
         std::cout << std::endl;
     };
 
-    // TODO: might need to be improved
-    static bool fileToBeHandled(std::filesystem::path::iterator::reference path) {
-        START_LOG(gettid(), "call(path=%s)", path.c_str());
-
-        if (path == get_capio_dir()) {
-            LOG("Path is capio_dir. Ignoring.");
-            return false;
-        }
-
-        LOG("Parent path=%s", path.parent_path().c_str());
-        LOG("Path %s be handled by CAPIO",
-            path.parent_path().string().rfind(get_capio_dir(), 0) == 0 ? "SHOULD" : "SHOULD NOT");
-        return path.parent_path().string().rfind(get_capio_dir(), 0) == 0;
-    };
-
     /**
      * Check whether the file is contained inside the location, either by direct name or by glob
      * @param file