Commit 91ac033d authored by Marc Dionne's avatar Marc Dionne Committed by Linus Torvalds

CacheFiles: Fix the documentation to use the correct credential pointer names

Adjust the CacheFiles documentation to use the correct names of the credential
pointers in task_struct.

The documentation was using names from the old versions of the credentials
patches.
Signed-off-by: default avatarMarc Dionne <marc.c.dionne@gmail.com>
Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent e5b89542
...@@ -407,7 +407,7 @@ A NOTE ON SECURITY ...@@ -407,7 +407,7 @@ A NOTE ON SECURITY
================== ==================
CacheFiles makes use of the split security in the task_struct. It allocates CacheFiles makes use of the split security in the task_struct. It allocates
its own task_security structure, and redirects current->act_as to point to it its own task_security structure, and redirects current->cred to point to it
when it acts on behalf of another process, in that process's context. when it acts on behalf of another process, in that process's context.
The reason it does this is that it calls vfs_mkdir() and suchlike rather than The reason it does this is that it calls vfs_mkdir() and suchlike rather than
...@@ -429,9 +429,9 @@ This means it may lose signals or ptrace events for example, and affects what ...@@ -429,9 +429,9 @@ This means it may lose signals or ptrace events for example, and affects what
the process looks like in /proc. the process looks like in /proc.
So CacheFiles makes use of a logical split in the security between the So CacheFiles makes use of a logical split in the security between the
objective security (task->sec) and the subjective security (task->act_as). The objective security (task->real_cred) and the subjective security (task->cred).
objective security holds the intrinsic security properties of a process and is The objective security holds the intrinsic security properties of a process and
never overridden. This is what appears in /proc, and is what is used when a is never overridden. This is what appears in /proc, and is what is used when a
process is the target of an operation by some other process (SIGKILL for process is the target of an operation by some other process (SIGKILL for
example). example).
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment