Improve commenting of vaccess(), making sure to be clear that the ifdef

capabilities code is there for reference and never actually used.  Slight
style tweak.

1 files changed, 10 insertions, 4 deletions

diff --git a/sys/kern/vfs_subr.c b/sys/kern/vfs_subr.c
index 1ecec22..d3963fe 100644
--- a/sys/kern/vfs_subr.c
+++ b/sys/kern/vfs_subr.c
@@ -3134,6 +3134,9 @@ vn_isdisk(struct vnode *vp, int *errp)
  * and optional call-by-reference privused argument allowing vaccess()
  * to indicate to the caller whether privilege was used to satisfy the
  * request (obsoleted).  Returns 0 on success, or an errno on failure.
+ *
+ * The ifdef'd CAPABILITIES version is here for reference, but is not
+ * actually used.
  */
 int
 vaccess(enum vtype type, mode_t file_mode, uid_t file_uid, gid_t file_gid,
@@ -3207,9 +3210,11 @@ privcheck:
 	/*
 	 * Build a capability mask to determine if the set of capabilities
 	 * satisfies the requirements when combined with the granted mask
-	 * from above.
-	 * For each capability, if the capability is required, bitwise
-	 * or the request type onto the cap_granted mask.
+	 * from above.  For each capability, if the capability is required,
+	 * bitwise or the request type onto the cap_granted mask.
+	 *
+	 * Note: This is never actually used, but is here for reference
+	 * purposes.
 	 */
 	cap_granted = 0;
 
@@ -3219,7 +3224,8 @@ privcheck:
 		 * VEXEC requests, instead of CAP_DAC_EXECUTE.
 		 */
 		if ((acc_mode & VEXEC) && ((dac_granted & VEXEC) == 0) &&
-		    !cap_check(cred, NULL, CAP_DAC_READ_SEARCH, SUSER_ALLOWJAIL))
+		    !cap_check(cred, NULL, CAP_DAC_READ_SEARCH,
+		    SUSER_ALLOWJAIL))
 			cap_granted |= VEXEC;
 	} else {
 		if ((acc_mode & VEXEC) && ((dac_granted & VEXEC) == 0) &&