os: document that Chdir affects fs.FS returned by DirFS with a relative path

Fixes #47214.

Change-Id: I6fdc1c4340c0943b825ac22e311179ad1cf30915
Reviewed-on: https://go-review.googlesource.com/c/go/+/410334
Reviewed-by: Ian Lance Taylor <iant@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
Run-TryBot: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>

diff --git a/src/os/file.go b/src/os/file.go
index ab017d4af790647679b9068933af506c1d2e3a27..9f388921aed99ad31bcbf58bc2e830f0047a61a9 100644 (file)
--- a/src/os/file.go
+++ b/src/os/file.go
@@ -620,8 +620,10 @@ func isWindowsNulName(name string) bool {
 // operating system will begin with "/prefix": DirFS("/prefix").Open("file") is the
 // same as os.Open("/prefix/file"). So if /prefix/file is a symbolic link pointing outside
 // the /prefix tree, then using DirFS does not stop the access any more than using
-// os.Open does. DirFS is therefore not a general substitute for a chroot-style security
-// mechanism when the directory tree contains arbitrary content.
+// os.Open does. Additionally, the root of the fs.FS returned for a relative path,
+// DirFS("prefix"), will be affected by later calls to Chdir. DirFS is therefore not
+// a general substitute for a chroot-style security mechanism when the directory tree
+// contains arbitrary content.
 //
 // The result implements fs.StatFS.
 func DirFS(dir string) fs.FS {