security: clarify cap_inode_getsecctx description

Make it clear that cap_inode_getsecctx shouldn't return success without
filling in the context data.

Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>

diff --git a/include/linux/security.h b/include/linux/security.h
index 4686491852a70b0665633ee1bce5e44d344b3aa3..40560f41e3d540d7e4a7259faa7fa0e8a5176c57 100644 (file)
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1392,7 +1392,8 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
  *     @ctxlen contains the length of @ctx.
  *
  * @inode_getsecctx:
- *     Returns a string containing all relevant security context information
+ *     On success, returns 0 and fills out @ctx and @ctxlen with the security
+ *     context for the given @inode.
  *
  *     @inode we wish to get the security context of.
  *     @ctx is a pointer in which to place the allocated security context.