[RFC PATCH 5/6] landlock/access: Improve explanation on the deny_masks_t

[Tingmao Wang]

Not really related to this series, but just something which took me a
while to realize, and would probably be helpful as a comment.

Signed-off-by: Tingmao Wang <m at maowtm.org>
---
 security/landlock/access.h | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/security/landlock/access.h b/security/landlock/access.h
index 7961c6630a2d..5e2285575479 100644
--- a/security/landlock/access.h
+++ b/security/landlock/access.h
@@ -67,8 +67,10 @@ typedef u16 layer_mask_t;
 static_assert(BITS_PER_TYPE(layer_mask_t) >= LANDLOCK_MAX_NUM_LAYERS);
 
 /*
- * Tracks domains responsible of a denied access.  This is required to avoid
- * storing in each object the full layer_masks[] required by update_request().
+ * Tracks domains responsible of a denied access, stored in the form of
+ * two 4-bit layer numbers packed into a byte (one for each optional
+ * access).  This is required to avoid storing in each object the full
+ * layer_masks[] required by update_request().
  */
 typedef u8 deny_masks_t;
 
-- 
2.51.0