[PATCH v2 3/3] landlock: transpose the layer masks data structure
Randy Dunlap
rdunlap at infradead.org
Sun Jan 25 22:02:50 UTC 2026
The first line here is confusing: "in @rule in @masks"
Maybe:
On 1/25/26 11:58 AM, Günther Noack wrote:
> +/**
> + * landlock_unmask_layers - Cross off access rights granted in @rule in @masks
- Update (or Remove) access rights in @masks that are
granted in @rules
?
> *
> - * Returns true if the request is allowed (i.e. relevant layer masks for the
> - * request are empty).
> + * Updates the set of (per-layer) unfulfilled access rights @masks
> + * so that all the access rights granted in @rule are removed from it
> + * (because they are now fulfilled).
> + *
> + * @rule: A rule that grants a set of access rights for each layer
> + * @masks: A matrix of unfulfilled access rights for each layer
> + *
> + * Returns true if the request is allowed (i.e. the access rights granted all
> + * remaining unfulfilled access rights and masks has no leftover set bits).
> */
--
~Randy
More information about the Linux-security-module-archive
mailing list