debian/control: Update Build-Depends.

[yaid] / policy.c

diff --git a/policy.c b/policy.c
index 9a9e2e234b53036de52fd566c7f974cf04453cb9..9cb9af9b37971f059e8f07f5e57e7cbeb4ee17fd 100644 (file)
--- a/policy.c
+++ b/policy.c
@@ -441,6 +441,11 @@ fail:
 
 /* Open a policy file by NAME.  The description WHAT and query Q are used for
  * formatting error messages for the log.
+ *
+ * This function is somewhat careful only to read from actual regular files,
+ * though (if the filesystem object identified by NAME is a symlink, say) it
+ * might open a device node or other exotic thing without reading it.  This
+ * is likely harmless, since we're running as an unprivileged user anyway.
  */
 int open_policy_file(struct policy_file *pf, const char *name,
                     const char *what, const struct query *q, unsigned f)