F140083610
D40638.id124013.diff
diff --git a/share/man/man9/cr_cansee.9 b/share/man/man9/cr_cansee.9
--- a/share/man/man9/cr_cansee.9
+++ b/share/man/man9/cr_cansee.9
@@ -1,5 +1,6 @@
.\"
.\" Copyright (c) 2006 Ceri Davies <ceri@FreeBSD.org>
+.\" Copyright (c) 2023 Olivier Certner <olce.freebsd@certner.fr>
.\"
.\" All rights reserved.
.\"
@@ -25,43 +26,39 @@
.\"
.\" $FreeBSD$
.\"
-.Dd November 19, 2006
+.Dd June 16, 2023
.Dt CR_CANSEE 9
.Os
.Sh NAME
.Nm cr_cansee
.Nd "determine visibility of objects given their user credentials"
.Sh SYNOPSIS
-.In sys/param.h
-.In sys/systm.h
-.In sys/ucred.h
+.In sys/proc.h
.Ft int
.Fn cr_cansee "struct ucred *u1" "struct ucred *u2"
.Sh DESCRIPTION
-This function determines the visibility of objects in the
-kernel based on the real user IDs and group IDs in the credentials
+This function determines if a subject with credential
.Fa u1
-and
-.Fa u2
-associated with them.
+can see a subject or object associated to credential
+.Fa u2 .
.Pp
-The visibility of objects is influenced by the
+Specific types of subjects may need to submit to additional or different
+restrictions.
+As an example, for processes, see
+.Xr p_cansee 9 ,
+which calls this function.
+.Pp
+The implementation relies on
+.Xr cr_bsd_visibility 9
+and consequently the
.Xr sysctl 8
-variables
-.Va security.bsd.see_other_gids
-and
-.Va security.bsd.see_other_uids ,
-as per the description in
-.Xr cr_seeothergids 9
-and
-.Xr cr_seeotheruids 9
-respectively.
+variables referenced in its manual page influence the result.
.Sh RETURN VALUES
-This function returns zero if the object with credential
+This function returns zero if the subject with credential
.Fa u1
can
.Dq see
-the object with credential
+the subject or object with credential
.Fa u2 ,
or
.Er ESRCH
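Review bot: In SYNOPSIS, reducing the includes to `.In sys/proc.h` drops `sys/param.h` and `sys/ucred.h` while the prototype still takes `struct ucred *`. Please confirm that a consumer including only `sys/proc.h` compiles against this prototype, and otherwise keep `.In sys/param.h` ahead of it. In DESCRIPTION, the rewrite removes every sysctl name from this page, so a reader checking which knobs change the result has to follow `.Xr cr_bsd_visibility 9`. If the removed `security.bsd.see_other_uids` and `security.bsd.see_other_gids` still apply, a short mention of them here would help. Minor wording: "associated to credential" reads better as "associated with credential".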
@@ -69,24 +66,20 @@
.Sh ERRORS
.Bl -tag -width Er
.It Bq Er ESRCH
-The object with credential
+The subject with credential
.Fa u1
-cannot
-.Dq see
-the object with credential
-.Fa u2 .
-.It Bq Er ESRCH
-The object with credential
-.Fa u1
-has been jailed and the object with credential
+has been jailed and the subject or object with credential
.Fa u2
-does not belong to the same jail as
-.Fa u1 .
+does not belong to the same jail or one of its sub-jails, as determined by
+.Xr prison_check 9 .
.It Bq Er ESRCH
The MAC subsystem denied visibility.
+.It Bq Er ESRCH
+.Xr cr_bsd_visibility 9
+denied visibility according to the BSD security policies in force.
.El
.Sh SEE ALSO
-.Xr cr_seeothergids 9 ,
-.Xr cr_seeotheruids 9 ,
+.Xr prison_check 9 ,
.Xr mac 9 ,
+.Xr cr_bsd_visibility 9 ,
.Xr p_cansee 9
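Review bot: In SEE ALSO, the new `.Xr` list (`prison_check`, `mac`, `cr_bsd_visibility`, `p_cansee`) is no longer alphabetical within section 9, unlike the list it replaces. mdoc convention sorts by section and then by name, so this should be `cr_bsd_visibility`, `mac`, `p_cansee`, `prison_check`. In ERRORS, all three remaining entries return `ESRCH`. If the order of the entries (jail, MAC, BSD policies) is meant to reflect the order in which the checks run, say so, or state that callers cannot tell the causes apart.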
D40638.id124013.diff (2 KB)
Attached To
D40638: p_candebug(9): cr_bsd_visible() impacts, misc fixes