diff options
author | rwatson <rwatson@FreeBSD.org> | 2006-08-06 10:43:35 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2006-08-06 10:43:35 +0000 |
commit | 9119bbc087b47818871346f83dd9e07be800f46d (patch) | |
tree | 2efa2111497e3934c2d4e087b93599ad5c14e2b2 /sys/kern | |
parent | 295b39f6ec69cb0fed48b03a38a18f3a20a77def (diff) | |
download | FreeBSD-src-9119bbc087b47818871346f83dd9e07be800f46d.zip FreeBSD-src-9119bbc087b47818871346f83dd9e07be800f46d.tar.gz |
Improve commenting of vaccess(), making sure to be clear that the ifdef
capabilities code is there for reference and never actually used. Slight
style tweak.
Diffstat (limited to 'sys/kern')
-rw-r--r-- | sys/kern/vfs_subr.c | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/sys/kern/vfs_subr.c b/sys/kern/vfs_subr.c index 1ecec22..d3963fe 100644 --- a/sys/kern/vfs_subr.c +++ b/sys/kern/vfs_subr.c @@ -3134,6 +3134,9 @@ vn_isdisk(struct vnode *vp, int *errp) * and optional call-by-reference privused argument allowing vaccess() * to indicate to the caller whether privilege was used to satisfy the * request (obsoleted). Returns 0 on success, or an errno on failure. + * + * The ifdef'd CAPABILITIES version is here for reference, but is not + * actually used. */ int vaccess(enum vtype type, mode_t file_mode, uid_t file_uid, gid_t file_gid, @@ -3207,9 +3210,11 @@ privcheck: /* * Build a capability mask to determine if the set of capabilities * satisfies the requirements when combined with the granted mask - * from above. - * For each capability, if the capability is required, bitwise - * or the request type onto the cap_granted mask. + * from above. For each capability, if the capability is required, + * bitwise or the request type onto the cap_granted mask. + * + * Note: This is never actually used, but is here for reference + * purposes. */ cap_granted = 0; @@ -3219,7 +3224,8 @@ privcheck: * VEXEC requests, instead of CAP_DAC_EXECUTE. */ if ((acc_mode & VEXEC) && ((dac_granted & VEXEC) == 0) && - !cap_check(cred, NULL, CAP_DAC_READ_SEARCH, SUSER_ALLOWJAIL)) + !cap_check(cred, NULL, CAP_DAC_READ_SEARCH, + SUSER_ALLOWJAIL)) cap_granted |= VEXEC; } else { if ((acc_mode & VEXEC) && ((dac_granted & VEXEC) == 0) && |