io_uring/register: fix comment about task_no_new_privs

The actual code is right, but the comment is the wrong way around.

Fixes: ed82f35b926b ("io_uring: allow registration of per-task restrictions")
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>

diff --git a/io_uring/register.c b/io_uring/register.c
index 594b1f2ce875a3b486661ab16cf1168939c5e8b3..a839b22fd39296811005890c8a78e182dfba4967 100644 (file)
--- a/io_uring/register.c
+++ b/io_uring/register.c
@@ -202,7 +202,7 @@ static int io_register_restrictions_task(void __user *arg, unsigned int nr_args)
                return -EPERM;
        /*
         * Similar to seccomp, disallow setting a filter if task_no_new_privs
-        * is true and we're not CAP_SYS_ADMIN.
+        * is false and we're not CAP_SYS_ADMIN.
         */
        if (!task_no_new_privs(current) &&
            !ns_capable_noaudit(current_user_ns(), CAP_SYS_ADMIN))
@@ -238,7 +238,7 @@ static int io_register_bpf_filter_task(void __user *arg, unsigned int nr_args)
 
        /*
         * Similar to seccomp, disallow setting a filter if task_no_new_privs
-        * is true and we're not CAP_SYS_ADMIN.
+        * is false and we're not CAP_SYS_ADMIN.
         */
        if (!task_no_new_privs(current) &&
            !ns_capable_noaudit(current_user_ns(), CAP_SYS_ADMIN))