I noticed in a nearby discussion that we will follow in-filesystem symlinks for in-tree .gitignore and .gitattributes files, but not when those files are read out of the index (e.g., when switching branches). This series teaches git to open those files with O_NOFOLLOW (when it is available) to get more consistent behavior. Note that this only applies to the in-tree versions; you can still symlink $GIT_DIR/info/attributes, etc. I stopped short of warning about symlinked entries in git-fsck, but perhaps we would want to do that as well (doing it completely is tricky because of all of the case-folding issues around matching pathnames). [1/5]: add open_nofollow() helper [2/5]: attr: convert "macro_ok" into a flags field [3/5]: exclude: convert "check_index" into a flags field [4/5]: attr: do not respect symlinks for in-tree .gitattributes [5/5]: exclude: do not respect symlinks for in-tree .gitignore attr.c | 58 ++++++++++++++++++++++++++++++++------------------- dir.c | 20 +++++++++++++----- dir.h | 2 +- git-compat-util.h | 3 +++ t/t0003-attributes.sh | 31 +++++++++++++++++++++++++++ t/t0008-ignores.sh | 29 ++++++++++++++++++++++++++ wrapper.c | 8 +++++++ 7 files changed, 123 insertions(+), 28 deletions(-) -Peff