diff options
author | rwatson <rwatson@FreeBSD.org> | 2006-12-20 23:16:01 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2006-12-20 23:16:01 +0000 |
commit | cada726d8e2e0efb8985b305cd662bf3d72f2ce4 (patch) | |
tree | dad40c15e0eaeb6a384f3e053629c06616a1eeb4 /sys/security | |
parent | 49509e92ebe633d4a5b772c016f8751bb096d1ee (diff) | |
download | FreeBSD-src-cada726d8e2e0efb8985b305cd662bf3d72f2ce4.zip FreeBSD-src-cada726d8e2e0efb8985b305cd662bf3d72f2ce4.tar.gz |
Clean up comment white space and line wrapping.
Diffstat (limited to 'sys/security')
-rw-r--r-- | sys/security/mac/mac_process.c | 29 |
1 files changed, 14 insertions, 15 deletions
diff --git a/sys/security/mac/mac_process.c b/sys/security/mac/mac_process.c index c903204..5a63b0d 100644 --- a/sys/security/mac/mac_process.c +++ b/sys/security/mac/mac_process.c @@ -183,8 +183,8 @@ mac_internalize_cred_label(struct label *label, char *string) } /* - * Initialize MAC label for the first kernel process, from which other - * kernel processes and threads are spawned. + * Initialize MAC label for the first kernel process, from which other kernel + * processes and threads are spawned. */ void mac_create_proc0(struct ucred *cred) @@ -213,8 +213,8 @@ mac_thread_userret(struct thread *td) /* * When a new process is created, its label must be initialized. Generally, - * this involves inheritence from the parent process, modulo possible - * deltas. This function allows that processing to take place. + * this involves inheritence from the parent process, modulo possible deltas. + * This function allows that processing to take place. */ void mac_copy_cred(struct ucred *src, struct ucred *dest) @@ -271,9 +271,9 @@ mac_execve_exit(struct image_params *imgp) /* * When relabeling a process, call out to the policies for the maximum - * permission allowed for each object type we know about in its - * memory space, and revoke access (in the least surprising ways we - * know) when necessary. The process lock is not held here. + * permission allowed for each object type we know about in its memory space, + * and revoke access (in the least surprising ways we know) when necessary. + * The process lock is not held here. */ void mac_cred_mmapped_drop_perms(struct thread *td, struct ucred *cred) @@ -353,9 +353,9 @@ mac_cred_mmapped_drop_perms_recurse(struct thread *td, struct ucred *cred, } VM_OBJECT_UNLOCK(object); /* - * At the moment, vm_maps and objects aren't considered - * by the MAC system, so only things with backing by a - * normal object (read: vnodes) are checked. + * At the moment, vm_maps and objects aren't considered by + * the MAC system, so only things with backing by a normal + * object (read: vnodes) are checked. */ if (object->type != OBJT_VNODE) continue; @@ -366,8 +366,8 @@ mac_cred_mmapped_drop_perms_recurse(struct thread *td, struct ucred *cred, mac_check_vnode_mmap_downgrade(cred, vp, &result); VOP_UNLOCK(vp, 0, td); /* - * Find out what maximum protection we may be allowing - * now but a policy needs to get removed. + * Find out what maximum protection we may be allowing now + * but a policy needs to get removed. */ revokeperms = vme->max_protection & ~result; if (!revokeperms) { @@ -383,9 +383,8 @@ mac_cred_mmapped_drop_perms_recurse(struct thread *td, struct ucred *cred, /* * This is the really simple case: if a map has more * max_protection than is allowed, but it's not being - * actually used (that is, the current protection is - * still allowed), we can just wipe it out and do - * nothing more. + * actually used (that is, the current protection is still + * allowed), we can just wipe it out and do nothing more. */ if ((vme->protection & revokeperms) == 0) { vme->max_protection -= revokeperms; |