Looking up a file given a path name seems like a straightforward task, but
it turns out to be one of the more complex things the kernel does. Things
get more complicated if one is trying to write robust (user-space) code
that can do the right thing with paths that are controlled by a potentially
hostile user. Attempts to make the open() and
openat() system calls safer date back
at least to an attempt to add O_BENEATH in 2014, but
numerous problems remain. Aleksa Sarai, who has been working in this area for a while, has now
concluded that a new version of openat(), naturally called openat2(),
is required to truly solve this problem.

Source: LWN.net – [$] Restricting path name lookup with openat2()