linux.c (init_sys): Describe the sections of initialization code.

[yaid] / yaid.h

diff --git a/yaid.h b/yaid.h
index 0f4efd895a9bceb2073d9b025c05dec0de08b0ea..15f26bfc409b601bfc9cd437c3f786c875292d76 100644 (file)
--- a/yaid.h
+++ b/yaid.h
@@ -348,6 +348,11 @@ struct policy_file {
 
 /* Open a policy file by NAME.  The description WHAT and query Q are used for
  * formatting error messages for the log.
+ *
+ * This function is somewhat careful only to read from actual regular files,
+ * though (if the filesystem object identified by NAME is a symlink, say) it
+ * might open a device node or other exotic thing without reading it.  This
+ * is likely harmless, since we're running as an unprivileged user anyway.
  */
 extern int open_policy_file(struct policy_file */*pf*/, const char */*name*/,
                            const char */*what*/, const struct query */*q*/,