DropPrivs: Document what it does

author Julian Andres Klode <jak@debian.org>

Wed, 24 Sep 2014 20:28:44 +0000 (22:28 +0200)

committer Julian Andres Klode <jak@debian.org>

Wed, 24 Sep 2014 20:30:31 +0000 (22:30 +0200)
author Julian Andres Klode <jak@debian.org>
Wed, 24 Sep 2014 20:28:44 +0000 (22:28 +0200)
committer Julian Andres Klode <jak@debian.org>
Wed, 24 Sep 2014 20:30:31 +0000 (22:30 +0200)
diff --git a/apt-pkg/contrib/fileutl.h b/apt-pkg/contrib/fileutl.h

index a8e255b863e1bc839a653717a725baa8a2e2268e..9dd29eb9ea6fbb7b8c671ceeddc2d435d0a010da 100644 (file)
--- a/apt-pkg/contrib/fileutl.h
+++ b/apt-pkg/contrib/fileutl.h
@@ -199,7 +199,17 @@ bool ExecWait(pid_t Pid,const char *Name,bool Reap = false);
  // check if the given file starts with a PGP cleartext signature
  bool StartsWithGPGClearTextSignature(std::string const &FileName);
  
-// process releated
+/**
+ * \brief Drop privileges
+ *
+ * Drop the privileges to the user _apt (or the one specified in
+ * APT::Sandbox::User). This does not set the supplementary group
+ * ids up correctly, it only uses the default group. Also prevent
+ * the process from gaining any new privileges afterwards, at least
+ * on Linux.
+ *
+ * \return true on success, false on failure with _error set
+ */
  bool DropPrivs();
  
  // File string manipulators
author	Julian Andres Klode <jak@debian.org>
	Wed, 24 Sep 2014 20:28:44 +0000 (22:28 +0200)
committer	Julian Andres Klode <jak@debian.org>
	Wed, 24 Sep 2014 20:30:31 +0000 (22:30 +0200)