diff options
Diffstat (limited to 'Documentation/filesystems')
-rw-r--r-- | Documentation/filesystems/caching/cachefiles.txt | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/Documentation/filesystems/caching/cachefiles.txt b/Documentation/filesystems/caching/cachefiles.txt index c78a49b7bba6..748a1ae49e12 100644 --- a/Documentation/filesystems/caching/cachefiles.txt +++ b/Documentation/filesystems/caching/cachefiles.txt | |||
@@ -407,7 +407,7 @@ A NOTE ON SECURITY | |||
407 | ================== | 407 | ================== |
408 | 408 | ||
409 | CacheFiles makes use of the split security in the task_struct. It allocates | 409 | CacheFiles makes use of the split security in the task_struct. It allocates |
410 | its own task_security structure, and redirects current->act_as to point to it | 410 | its own task_security structure, and redirects current->cred to point to it |
411 | when it acts on behalf of another process, in that process's context. | 411 | when it acts on behalf of another process, in that process's context. |
412 | 412 | ||
413 | The reason it does this is that it calls vfs_mkdir() and suchlike rather than | 413 | The reason it does this is that it calls vfs_mkdir() and suchlike rather than |
@@ -429,9 +429,9 @@ This means it may lose signals or ptrace events for example, and affects what | |||
429 | the process looks like in /proc. | 429 | the process looks like in /proc. |
430 | 430 | ||
431 | So CacheFiles makes use of a logical split in the security between the | 431 | So CacheFiles makes use of a logical split in the security between the |
432 | objective security (task->sec) and the subjective security (task->act_as). The | 432 | objective security (task->real_cred) and the subjective security (task->cred). |
433 | objective security holds the intrinsic security properties of a process and is | 433 | The objective security holds the intrinsic security properties of a process and |
434 | never overridden. This is what appears in /proc, and is what is used when a | 434 | is never overridden. This is what appears in /proc, and is what is used when a |
435 | process is the target of an operation by some other process (SIGKILL for | 435 | process is the target of an operation by some other process (SIGKILL for |
436 | example). | 436 | example). |
437 | 437 | ||