diff options
Diffstat (limited to 'static/freebsd/man9/cr_canseejailproc.9 4.html')
| -rw-r--r-- | static/freebsd/man9/cr_canseejailproc.9 4.html | 69 |
1 files changed, 0 insertions, 69 deletions
diff --git a/static/freebsd/man9/cr_canseejailproc.9 4.html b/static/freebsd/man9/cr_canseejailproc.9 4.html deleted file mode 100644 index e53cab66..00000000 --- a/static/freebsd/man9/cr_canseejailproc.9 4.html +++ /dev/null @@ -1,69 +0,0 @@ -<table class="head"> - <tr> - <td class="head-ltitle">CR_CANSEEJAILPROC(9)</td> - <td class="head-vol">Kernel Developer's Manual</td> - <td class="head-rtitle">CR_CANSEEJAILPROC(9)</td> - </tr> -</table> -<div class="manual-text"> -<section class="Sh"> -<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> -<p class="Pp"><code class="Nm">cr_canseejailproc</code> — - <span class="Nd">determine if subjects may see entities in - sub-jails</span></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="SYNOPSIS"><a class="permalink" href="#SYNOPSIS">SYNOPSIS</a></h1> -<p class="Pp"><var class="Ft">int</var> - <br/> - <code class="Fn">cr_canseejailproc</code>(<var class="Fa" style="white-space: nowrap;">struct - ucred *u1</var>, <var class="Fa" style="white-space: nowrap;">struct ucred - *u2</var>);</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> -<div class="Bf Em">This function is internal. Its functionality is integrated - into the function <a class="Xr">cr_bsd_visible(9)</a>, which should be called - instead.</div> -<p class="Pp">This function checks if a subject associated to credentials - <var class="Fa">u1</var> is denied seeing a subject or object associated to - credentials <var class="Fa">u2</var> by a policy that requires both - credentials to be associated to the same jail. This is a restriction to the - baseline jail policy that a subject can see subjects or objects in its own - jail or any sub-jail of it.</p> -<p class="Pp">This policy is active if and only if the - <a class="Xr">sysctl(8)</a> variable - <var class="Va">security.bsd.see_jail_proc</var> is set to zero.</p> -<p class="Pp">As usual, the superuser (effective user ID 0) is exempt from this - policy provided that the <a class="Xr">sysctl(8)</a> variable - <var class="Va">security.bsd.suser_enabled</var> is non-zero and no active - MAC policy explicitly denies the exemption (see - <a class="Xr">priv_check_cred(9)</a>).</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="RETURN_VALUES"><a class="permalink" href="#RETURN_VALUES">RETURN - VALUES</a></h1> -<p class="Pp">The <code class="Fn">cr_canseejailproc</code>() function returns 0 - if the policy is disabled, both credentials are associated to the same jail, - or if <var class="Fa">u1</var> has privilege exempting it from the policy. - Otherwise, it returns <code class="Er">ESRCH</code>.</p> -</section> -<section class="Sh"> -<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE - ALSO</a></h1> -<p class="Pp"><a class="Xr">cr_bsd_visible(9)</a>, - <a class="Xr">priv_check_cred(9)</a></p> -</section> -<section class="Sh"> -<h1 class="Sh" id="AUTHORS"><a class="permalink" href="#AUTHORS">AUTHORS</a></h1> -<p class="Pp">This manual page was written by <span class="An">Olivier - Certner</span> - <<a class="Mt" href="mailto:olce.freebsd@certner.fr">olce.freebsd@certner.fr</a>>.</p> -</section> -</div> -<table class="foot"> - <tr> - <td class="foot-date">August 18, 2023</td> - <td class="foot-os">FreeBSD 15.0</td> - </tr> -</table> |