git: 0c2d64ce3da9 - main - MAC/do: Clarify comments about flags attached per-ID or per-ID-type

Thu, 04 Jun 2026 04:07:33 -0700 

The branch main has been updated by olce:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=0c2d64ce3da9c042da133c8b6d7391abb177f2c9

commit 0c2d64ce3da9c042da133c8b6d7391abb177f2c9
Author:     Olivier Certner <[email protected]>
AuthorDate: 2026-06-04 10:01:23 +0000
Commit:     Olivier Certner <[email protected]>
CommitDate: 2026-06-04 11:06:39 +0000

    MAC/do: Clarify comments about flags attached per-ID or per-ID-type
    
    No functional change.
    
    MFC after:      3 days
    Sponsored by:   The FreeBSD Foundation
---
 sys/security/mac_do/mac_do.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
index 7bb3e2a150c5..d150c8bcb228 100644
--- a/sys/security/mac_do/mac_do.c
+++ b/sys/security/mac_do/mac_do.c
@@ -123,20 +123,22 @@ _Static_assert(sizeof(uid_t) == sizeof(u_int) && 
(uid_t)-1 >= 0 &&
  * encoding for simplicity.
  *
  * There is currently room for "only" 16 bits.  As these flags are purely
- * internal, they can be renumbered and/or their type changed as needed.
+ * internal, they can be renumbered and/or the underlying type changed as
+ * needed.
  *
  * See also the check_*() functions below.
  */
 typedef uint16_t       flags_t;
 
-/* (i,gid) Specification concerns primary groups. */
+/* (i,gid) Group can appear as a primary group. */
 #define MDF_PRIMARY    (1u << 0)
-/* (i,gid) Specification concerns supplementary groups. */
+/* (i,gid) Group can appear as a supplementary group. */
 #define MDF_SUPP_ALLOW (1u << 1)
 /* (i,gid) Group must appear as a supplementary group. */
 #define MDF_SUPP_MUST  (1u << 2)
 /* (i,gid) Group must not appear as a supplementary group. */
 #define MDF_SUPP_DONT  (1u << 3)
+/* (i,gid) Mask to detect a supplementary group specification. */
 #define MDF_SUPP_MASK  (MDF_SUPP_ALLOW | MDF_SUPP_MUST | MDF_SUPP_DONT)
 #define MDF_ID_MASK    (MDF_PRIMARY | MDF_SUPP_MASK)
 
@@ -144,8 +146,8 @@ typedef uint16_t    flags_t;
  * (t) All IDs allowed.
  *
  * For GIDs, MDF_ANY only concerns primary groups.  The MDF_PRIMARY and
- * MDF_SUPP_* flags never apply to MDF_ANY, but can be present if MDF_CURRENT 
is
- * present also, as usual.
+ * MDF_SUPP_* flags do not apply to MDF_ANY, but can be present if MDF_CURRENT
+ * is present also, as for explicit IDs.
  */
 #define MDF_ANY                        (1u << 8)
 /* (t) Current IDs allowed. */

Reply via email to