Skip to content

Commit ef4536f

Browse files
micromaomaol0kod
authored andcommitted
landlock: Improve the comment for domain_is_scoped
Currently it is not obvious what "scoped" mean, and the fact that the function returns true when access should be denied is slightly surprising and in need of documentation. Cc: Tahera Fahimi <fahimitahera@gmail.com> Signed-off-by: Tingmao Wang <m@maowtm.org> Link: https://lore.kernel.org/r/06393bc18aee5bc278df5ef31c64a05b742ebc10.1766885035.git.m@maowtm.org [mic: Fix formatting and improve consistency] Signed-off-by: Mickaël Salaün <mic@digikod.net>
1 parent 55dc93a commit ef4536f

File tree

1 file changed

+4
-4
lines changed

1 file changed

+4
-4
lines changed

security/landlock/task.c

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -166,15 +166,15 @@ static int hook_ptrace_traceme(struct task_struct *const parent)
166166
}
167167

168168
/**
169-
* domain_is_scoped - Checks if the client domain is scoped in the same
170-
* domain as the server.
169+
* domain_is_scoped - Check if an interaction from a client/sender to a
170+
* server/receiver should be restricted based on scope controls.
171171
*
172172
* @client: IPC sender domain.
173173
* @server: IPC receiver domain.
174174
* @scope: The scope restriction criteria.
175175
*
176-
* Returns: True if the @client domain is scoped to access the @server,
177-
* unless the @server is also scoped in the same domain as @client.
176+
* Returns: True if @server is in a different domain from @client, and @client
177+
* is scoped to access @server (i.e. access should be denied).
178178
*/
179179
static bool domain_is_scoped(const struct landlock_ruleset *const client,
180180
const struct landlock_ruleset *const server,

0 commit comments

Comments
 (0)