diff options
Diffstat (limited to 'static/freebsd/man9/cr_cansee.9')
| -rw-r--r-- | static/freebsd/man9/cr_cansee.9 | 83 |
1 files changed, 83 insertions, 0 deletions
diff --git a/static/freebsd/man9/cr_cansee.9 b/static/freebsd/man9/cr_cansee.9 new file mode 100644 index 00000000..a93afb8e --- /dev/null +++ b/static/freebsd/man9/cr_cansee.9 @@ -0,0 +1,83 @@ +.\" +.\" Copyright (c) 2006 Ceri Davies <ceri@FreeBSD.org> +.\" Copyright (c) 2023 Olivier Certner <olce.freebsd@certner.fr> +.\" +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT, +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd August 18, 2023 +.Dt CR_CANSEE 9 +.Os +.Sh NAME +.Nm cr_cansee +.Nd "determine visibility of objects given their user credentials" +.Sh SYNOPSIS +.In sys/proc.h +.Ft int +.Fn cr_cansee "struct ucred *u1" "struct ucred *u2" +.Sh DESCRIPTION +This function determines if a subject with credential +.Fa u1 +can see a subject or object associated to credential +.Fa u2 . +.Pp +Specific types of subjects may need to submit to additional or different +restrictions. +As an example, for processes, see +.Xr p_cansee 9 , +which calls this function. +.Pp +The implementation relies on +.Xr cr_bsd_visible 9 +and consequently the +.Xr sysctl 8 +variables referenced in its manual page influence the result. +.Sh RETURN VALUES +This function returns zero if the subject with credential +.Fa u1 +can +.Dq see +the subject or object with credential +.Fa u2 , +or +.Er ESRCH +otherwise. +.Sh ERRORS +.Bl -tag -width Er +.It Bq Er ESRCH +The subject with credential +.Fa u1 +has been jailed and the subject or object with credential +.Fa u2 +does not belong to the same jail or one of its sub-jails, as determined by +.Xr prison_check 9 . +.It Bq Er ESRCH +The MAC subsystem denied visibility. +.It Bq Er ESRCH +.Xr cr_bsd_visible 9 +denied visibility according to the BSD security policies in force. +.El +.Sh SEE ALSO +.Xr cr_bsd_visible 9 , +.Xr mac 9 , +.Xr p_cansee 9 , +.Xr prison_check 9 |