tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

landlock: Improve the comment for domain_is_scoped

Currently it is not obvious what "scoped" mean, and the fact that the
function returns true when access should be denied is slightly surprising
and in need of documentation.

Cc: Tahera Fahimi <fahimitahera@gmail.com>
Signed-off-by: Tingmao Wang <m@maowtm.org>
Link: https://lore.kernel.org/r/06393bc18aee5bc278df5ef31c64a05b742ebc10.1766885035.git.m@maowtm.org
[mic: Fix formatting and improve consistency]
Signed-off-by: Mickaël Salaün <mic@digikod.net>

authored by

Tingmao Wang and committed by
Mickaël Salaün ef4536f1 55dc93a7

+4 -4
unified split
+4 -4
security/landlock/task.c
··· 166 } 167 168 /** 169 - * domain_is_scoped - Checks if the client domain is scoped in the same 170 - * domain as the server. 171 * 172 * @client: IPC sender domain. 173 * @server: IPC receiver domain. 174 * @scope: The scope restriction criteria. 175 * 176 - * Returns: True if the @client domain is scoped to access the @server, 177 - * unless the @server is also scoped in the same domain as @client. 178 */ 179 static bool domain_is_scoped(const struct landlock_ruleset *const client, 180 const struct landlock_ruleset *const server,
··· 166 } 167 168 /** 169 + * domain_is_scoped - Check if an interaction from a client/sender to a 170 + * server/receiver should be restricted based on scope controls. 171 * 172 * @client: IPC sender domain. 173 * @server: IPC receiver domain. 174 * @scope: The scope restriction criteria. 175 * 176 + * Returns: True if @server is in a different domain from @client, and @client 177 + * is scoped to access @server (i.e. access should be denied). 178 */ 179 static bool domain_is_scoped(const struct landlock_ruleset *const client, 180 const struct landlock_ruleset *const server,