Google Git
Sign in
kernel / pub / scm / libs / libcap / libcap / 89b4b8021d23a7043ad832a7f643fcd2e70a6560^! / .
commit89b4b8021d23a7043ad832a7f643fcd2e70a6560[log] [tgz]
authorAndrew G. Morgan <morgan@kernel.org>Sat Dec 11 18:01:14 2021 -0800
committerAndrew G. Morgan <morgan@kernel.org>Sat Dec 11 18:01:14 2021 -0800
tree79b08cc86a0d731887c1d2ba3ff2ae37e7fc729b
parente458889fbda4052919b61fd9f727bb1ac906d436 [diff]
Clean up cap package documentation for Launch.

Signed-off-by: Andrew G. Morgan <morgan@kernel.org>

diff --git a/cap/launch.go b/cap/launch.go
index cc3be50..de7fd90 100644
--- a/cap/launch.go
+++ b/cap/launch.go

@@ -236,6 +236,7 @@
 		defer close(quit)
 	}
 
+	// Thread group ID is the process ID.
 	tgid := syscall.Getpid()
 
 	// This code waits until we are not scheduled on the parent
@@ -355,7 +356,9 @@
 	}
 }
 
-// pollForThreadExit waits for a thread to terminate.
+// pollForThreadExit waits for a thread to terminate. Only after the
+// thread has safely exited is it safe to resume POSIX semantics
+// security state mirroring for the rest of the process threads.
 func (v lResult) pollForThreadExit() {
 	if v.tid == -1 {
 		return
@@ -369,7 +372,7 @@
 // Launch performs a callback function and/or new program launch with
 // a disposable security state. The data object, when not nil, can be
 // used to communicate with the callback. It can also be used to
-// return details from the callback functions execution.
+// return details from the callback function's execution.
 //
 // If the attr was created with NewLauncher(), this present function
 // will return the pid of the launched process, or -1 and a non-nil
@@ -381,15 +384,15 @@
 // callback return value.
 //
 // Note, while the disposable security state thread makes some
-// oprerations seem more isolated - they are *not securely
+// operations seem more isolated - they are *not securely
 // isolated*. Launching is inherently violating the POSIX semantics
 // maintained by the rest of the "libcap/cap" package, so think of
 // launching as a convenience wrapper around fork()ing.
 //
 // Advanced user note: if the caller of this function thinks they know
 // what they are doing by using runtime.LockOSThread() before invoking
-// this function, they should understand that the OS Thread invoking
-// (*Launcher).Launch() is *not guaranteed* to be the one used for the
+// this function, they should understand that the OS thread invoking
+// (*Launcher).Launch() is *not* guaranteed to be the one used for the
 // disposable security state to perform the launch. If said caller
 // needs to run something on the disposable security state thread,
 // they should do it via the launch callback function mechanism. (The