mirror of
https://github.com/edk2-porting/linux-next.git
synced 2024-11-25 19:14:39 +08:00
Documentation: security/credentials.rst: explain need to sort group_list
This patch updates the documentation with the observations that led
to commit bdcf0a423e
("kernel: make groups_sort calling a
responsibility group_info allocators") and the new behaviour required.
Specifically that groups_sort() should be called on a new group_list
before set_groups() or set_current_groups() is called.
Signed-off-by: NeilBrown <neilb@suse.com>
[jc: use proper :c:func: references]
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
This commit is contained in:
parent
536ec30477
commit
0b345d722e
@ -451,6 +451,13 @@ checks and hooks done. Both the current and the proposed sets of credentials
|
||||
are available for this purpose as current_cred() will return the current set
|
||||
still at this point.
|
||||
|
||||
When replacing the group list, the new list must be sorted before it
|
||||
is added to the credential, as a binary search is used to test for
|
||||
membership. In practice, this means :c:func:`groups_sort` should be
|
||||
called before :c:func:`set_groups` or :c:func:`set_current_groups`.
|
||||
:c:func:`groups_sort)` must not be called on a ``struct group_list`` which
|
||||
is shared as it may permute elements as part of the sorting process
|
||||
even if the array is already sorted.
|
||||
|
||||
When the credential set is ready, it should be committed to the current process
|
||||
by calling::
|
||||
|
Loading…
Reference in New Issue
Block a user