PERFORCE change 164592 for review

[Robert Watson]

http://perforce.freebsd.org/chv.cgi?CH=164592

Change 164592 by rwatson at rwatson_fledge on 2009/06/17 15:42:07

	Update sys_capability.c comments.

Affected files ...

.. //depot/projects/trustedbsd/capabilities/src/sys/kern/sys_capability.c#25 edit

Differences ...

==== //depot/projects/trustedbsd/capabilities/src/sys/kern/sys_capability.c#25 (text+ko) ====

@@ -36,21 +36,21 @@
  *
  * Each capability is represented as a file descriptor, but unlike
  * traditional file descriptors, capabilities include a fine-grained and
- * monotonically decreasing mask of rights associated with them.
+ * constant mask of rights associated with them.
  *
- * Capabilities wrap other actual object file descriptors, forwarding the
- * implementation of operations to underlying object if they are permitted by
- * the mask.  When one capability is created from another, rather than
- * nesting, we directly reference the underlying object but with a new mask,
- * rather than referencing the previous capability.
+ * Capabilities wrap other actual object file descriptors -- system calls
+ * declare the rights they require when looking up file descriptors.
  *
- * XXXRW: See the global TODO for things that need to be done.
+ * When one capability is created from another, rather than nesting, we
+ * directly reference the underlying object but with a new mask, rather than
+ * referencing the previous capability.  New capabilities will have the same
+ * set or a subset of rights of the capability they are derived from.
  */
 
 #include "opt_capabilities.h"
 
 #include <sys/cdefs.h>
-__FBSDID("$P4: //depot/projects/trustedbsd/capabilities/src/sys/kern/sys_capability.c#24 $");
+__FBSDID("$P4: //depot/projects/trustedbsd/capabilities/src/sys/kern/sys_capability.c#25 $");
 
 #include <sys/param.h>
 #include <sys/capability.h>