git: 8451c8ad420d - stable/15 - MAC/do: Clarify comments about flags attached per-ID or per-ID-type

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Olivier Certner <olce_at_FreeBSD.org>
Date: Tue, 09 Jun 2026 20:26:23 UTC
The branch stable/15 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=8451c8ad420d312dd58a55f09fa1fc78f636cd8f

commit 8451c8ad420d312dd58a55f09fa1fc78f636cd8f
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2026-06-04 10:01:23 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2026-06-09 20:25:52 +0000

    MAC/do: Clarify comments about flags attached per-ID or per-ID-type
    
    No functional change.
    
    MFC after:      3 days
    Sponsored by:   The FreeBSD Foundation
    
    (cherry picked from commit 0c2d64ce3da9c042da133c8b6d7391abb177f2c9)
---
 sys/security/mac_do/mac_do.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
index ba49da22ce67..790701e57e56 100644
--- a/sys/security/mac_do/mac_do.c
+++ b/sys/security/mac_do/mac_do.c
@@ -89,20 +89,22 @@ _Static_assert(sizeof(uid_t) == sizeof(u_int) && (uid_t)-1 >= 0 &&
  * encoding for simplicity.
  *
  * There is currently room for "only" 16 bits.  As these flags are purely
- * internal, they can be renumbered and/or their type changed as needed.
+ * internal, they can be renumbered and/or the underlying type changed as
+ * needed.
  *
  * See also the check_*() functions below.
  */
 typedef uint16_t	flags_t;
 
-/* (i,gid) Specification concerns primary groups. */
+/* (i,gid) Group can appear as a primary group. */
 #define MDF_PRIMARY	(1u << 0)
-/* (i,gid) Specification concerns supplementary groups. */
+/* (i,gid) Group can appear as a supplementary group. */
 #define MDF_SUPP_ALLOW	(1u << 1)
 /* (i,gid) Group must appear as a supplementary group. */
 #define MDF_SUPP_MUST	(1u << 2)
 /* (i,gid) Group must not appear as a supplementary group. */
 #define MDF_SUPP_DONT	(1u << 3)
+/* (i,gid) Mask to detect a supplementary group specification. */
 #define MDF_SUPP_MASK	(MDF_SUPP_ALLOW | MDF_SUPP_MUST | MDF_SUPP_DONT)
 #define MDF_ID_MASK	(MDF_PRIMARY | MDF_SUPP_MASK)
 
@@ -110,8 +112,8 @@ typedef uint16_t	flags_t;
  * (t) All IDs allowed.
  *
  * For GIDs, MDF_ANY only concerns primary groups.  The MDF_PRIMARY and
- * MDF_SUPP_* flags never apply to MDF_ANY, but can be present if MDF_CURRENT is
- * present also, as usual.
+ * MDF_SUPP_* flags do not apply to MDF_ANY, but can be present if MDF_CURRENT
+ * is present also, as for explicit IDs.
  */
 #define MDF_ANY			(1u << 8)
 /* (t) Current IDs allowed. */