author | Andrew G. Morgan <morgan@kernel.org> | 2021-03-10 19:45:59 -0800 |
---|---|---|
committer | Andrew G. Morgan <morgan@kernel.org> | 2021-03-10 19:45:59 -0800 |
commit | d1445dd1e18bc3e662090d71bd08eb8d1db4c534 (patch) | |
tree | 83e5e76c63c1fd5cc625815b516266ce5d586d0c | |
parent | fd5271195dc27b017b2470be12356c49369e0058 (diff) | |
download | libcap2-d1445dd1e18bc3e662090d71bd08eb8d1db4c534.tar.gz |
Comment fixes regarding new cap.Launcher features
Thanks to Gregory Fuchedzhy for requesting the feature(s) and kicking
the tires on it.
Details: https://bugzilla.kernel.org/show_bug.cgi?id=211919
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
-rw-r--r-- | cap/cap.go | 5 | ||||
-rw-r--r-- | cap/launch.go | 6 |
2 files changed, 9 insertions, 2 deletions
@@ -354,6 +354,11 @@ func (sc *syscaller) setProc(c *Set) error {
 // process. The kernel will perform permission checks and an error
 // will be returned if the attempt fails. Should the attempt fail
 // no process capabilities will have been modified.
+//
+// Note, the general behavior of this call is to set the
+// process-shared capabilities. However, when called from a callback
+// function as part of a (*Launcher).Launch(), the call only sets the
+// capabilities of the thread being used to perform the launch.
 func (c *Set) SetProc() error {
 state, sc := scwStateSC()
 defer scwSetState(launchBlocked, state, -1)
diff --git a/cap/launch.go b/cap/launch.go
index 202e80e..fa2576b 100644
--- a/cap/launch.go
+++ b/cap/launch.go
@@ -83,7 +83,9 @@ func FuncLauncher(fn func(interface{}) error) *Launcher {
 // If the specified callback fn should call any "cap" package
 // functions that change privilege state, these calls will only affect
 // the launch goroutine itself. While the launch is in progress, other
-// goroutines will block if they attempt to change privilege state.
+// (non-launch) goroutines will block if they attempt to change
+// privilege state. These routines will unblock once there are no
+// in-flight launches.
 //
 // Note, the first argument provided to the callback function is the
 // *syscall.ProcAttr value to be used when a process launch is taking
@@ -301,7 +303,7 @@ abort:
 // Launch performs a callback function and/or new program launch with
 // a disposable security state. The data object, when not nil, can be
 // used to communicate with the callback. It can also be used to
-// return details from the callback functions exection.
+// return details from the callback functions execution.
 //
 // If the attr was created with NewLauncher(), this present function
 // will return the pid of the launched process, or -1 and a non-nil |
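Review bot: The new note on SetProc describes the narrowed scope as "the thread being used to perform the launch", while the FuncLauncher comment in cap/launch.go calls the same scope "the launch goroutine itself". A reader cannot tell from these two comments whether they mean the same thing. Since the difference between process-wide and single-thread capability changes is the security-relevant part, I would use one term in both places, for example `// capabilities of the OS thread running the launch goroutine.`, assuming that is what the implementation guarantees. The FuncLauncher comment also applies this behavior to any "cap" function that changes privilege state, so other such functions outside this hunk presumably need the same caveat. SetProc's body continues past the end of the hunk.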
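Review bot: In the FuncLauncher comment, "These routines will unblock" is ambiguous: it can be read as the "cap" functions or as the blocked goroutines, so `// privilege state. Those goroutines will unblock once there are no` would be clearer. The comment also leaves out a consequence a caller needs to know. If the blocking is unconditional, as the text suggests, a callback that waits on a non-launch goroutine which itself changes privilege state would never return. I would add a sentence such as `// The callback must not wait on another goroutine that changes privilege state.` once that has been confirmed against the implementation, which is outside this hunk.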