summaryrefslogtreecommitdiffstats
path: root/security/commoncap.c
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2017-09-24 11:40:41 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2017-09-24 11:40:41 -0700
commita30282478271ea8e06d424f96c1537094b309c7c (patch)
tree2ca55dabb02982b05cc4a80df09ea285114fb071 /security/commoncap.c
parent1436ab068d6b0309a73849dc239399399621decd (diff)
parentab5348c9c23cd253f5902980d2d8fe067dc24c82 (diff)
downloadlinux-a30282478271ea8e06d424f96c1537094b309c7c.tar.bz2
Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull misc security layer update from James Morris: "This is the remaining 'general' change in the security tree for v4.14, following the direct merging of SELinux (+ TOMOYO), AppArmor, and seccomp. That's everything now for the security tree except IMA, which will follow shortly (I've been traveling for the past week with patchy internet)" * 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: security: fix description of values returned by cap_inode_need_killpriv
Diffstat (limited to 'security/commoncap.c')
-rw-r--r--security/commoncap.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/security/commoncap.c b/security/commoncap.c
index 6bf72b175b49..c25e0d27537f 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -294,10 +294,10 @@ int cap_capset(struct cred *new,
*
* Determine if an inode having a change applied that's marked ATTR_KILL_PRIV
* affects the security markings on that inode, and if it is, should
- * inode_killpriv() be invoked or the change rejected?
+ * inode_killpriv() be invoked or the change rejected.
*
- * Returns 0 if granted; +ve if granted, but inode_killpriv() is required; and
- * -ve to deny the change.
+ * Returns 1 if security.capability has a value, meaning inode_killpriv()
+ * is required, 0 otherwise, meaning inode_killpriv() is not required.
*/
int cap_inode_need_killpriv(struct dentry *dentry)
{