From 65f394755b4229985a6d0834c1fce5b2638c7410 Mon Sep 17 00:00:00 2001 From: Marc Dionne Date: Thu, 23 Apr 2009 11:21:55 +0100 Subject: [PATCH] --- yaml --- r: 144153 b: refs/heads/master c: 91ac033d8377552d3654501a105ab55bf546940e h: refs/heads/master i: 144151: 14d014a502194e8315eac8d06471009eb78dbfeb v: v3 --- [refs] | 2 +- trunk/Documentation/filesystems/caching/cachefiles.txt | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/[refs] b/[refs] index 3d1ba3f3332a..12a669178dd6 100644 --- a/[refs] +++ b/[refs] @@ -1,2 +1,2 @@ --- -refs/heads/master: e5b89542ea18020961882228c26db3ba87f6e608 +refs/heads/master: 91ac033d8377552d3654501a105ab55bf546940e diff --git a/trunk/Documentation/filesystems/caching/cachefiles.txt b/trunk/Documentation/filesystems/caching/cachefiles.txt index c78a49b7bba6..748a1ae49e12 100644 --- a/trunk/Documentation/filesystems/caching/cachefiles.txt +++ b/trunk/Documentation/filesystems/caching/cachefiles.txt @@ -407,7 +407,7 @@ A NOTE ON SECURITY ================== CacheFiles makes use of the split security in the task_struct. It allocates -its own task_security structure, and redirects current->act_as to point to it +its own task_security structure, and redirects current->cred to point to it when it acts on behalf of another process, in that process's context. The reason it does this is that it calls vfs_mkdir() and suchlike rather than @@ -429,9 +429,9 @@ This means it may lose signals or ptrace events for example, and affects what the process looks like in /proc. So CacheFiles makes use of a logical split in the security between the -objective security (task->sec) and the subjective security (task->act_as). The -objective security holds the intrinsic security properties of a process and is -never overridden. This is what appears in /proc, and is what is used when a +objective security (task->real_cred) and the subjective security (task->cred). +The objective security holds the intrinsic security properties of a process and +is never overridden. This is what appears in /proc, and is what is used when a process is the target of an operation by some other process (SIGKILL for example).