aboutsummaryrefslogtreecommitdiffstats
path: root/Documentation/filesystems
diff options
context:
space:
mode:
Diffstat (limited to 'Documentation/filesystems')
-rw-r--r--Documentation/filesystems/caching/cachefiles.txt8
1 files changed, 4 insertions, 4 deletions
diff --git a/Documentation/filesystems/caching/cachefiles.txt b/Documentation/filesystems/caching/cachefiles.txt
index c78a49b7bba6..748a1ae49e12 100644
--- a/Documentation/filesystems/caching/cachefiles.txt
+++ b/Documentation/filesystems/caching/cachefiles.txt
@@ -407,7 +407,7 @@ A NOTE ON SECURITY
407================== 407==================
408 408
409CacheFiles makes use of the split security in the task_struct. It allocates 409CacheFiles makes use of the split security in the task_struct. It allocates
410its own task_security structure, and redirects current->act_as to point to it 410its own task_security structure, and redirects current->cred to point to it
411when it acts on behalf of another process, in that process's context. 411when it acts on behalf of another process, in that process's context.
412 412
413The reason it does this is that it calls vfs_mkdir() and suchlike rather than 413The reason it does this is that it calls vfs_mkdir() and suchlike rather than
@@ -429,9 +429,9 @@ This means it may lose signals or ptrace events for example, and affects what
429the process looks like in /proc. 429the process looks like in /proc.
430 430
431So CacheFiles makes use of a logical split in the security between the 431So CacheFiles makes use of a logical split in the security between the
432objective security (task->sec) and the subjective security (task->act_as). The 432objective security (task->real_cred) and the subjective security (task->cred).
433objective security holds the intrinsic security properties of a process and is 433The objective security holds the intrinsic security properties of a process and
434never overridden. This is what appears in /proc, and is what is used when a 434is never overridden. This is what appears in /proc, and is what is used when a
435process is the target of an operation by some other process (SIGKILL for 435process is the target of an operation by some other process (SIGKILL for
436example). 436example).
437 437