cr_cansee (9)
Leading comments
Copyright (c) 2006 Ceri Davies <ceri@FreeBSD.org> All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documen...
NAME
cr_cansee - determine visibility of objects given their user credentialsSYNOPSIS
In sys/param.h In sys/systm.h In sys/ucred.h Ft int Fn cr_cansee struct ucred *u1 struct ucred *u2DESCRIPTION
This function determines the visibility of objects in the kernel based on the real user IDs and group IDs in the credentials Fa u1 and Fa u2 associated with them.The visibility of objects is influenced by the sysctl(8) variables security.bsd.see_other_gids and security.bsd.see_other_uids as per the description in cr_seeothergids9 and cr_seeotheruids9 respectively.
RETURN VALUES
This function returns zero if the object with credential Fa u1 can ``see'' the object with credential Fa u2 , or Er ESRCH otherwise.ERRORS
- Bq Er ESRCH
- The object with credential Fa u1 cannot ``see'' the object with credential Fa u2 .
- Bq Er ESRCH
- The object with credential Fa u1 has been jailed and the object with credential Fa u2 does not belong to the same jail as Fa u1 .
- Bq Er ESRCH
- The MAC subsystem denied visibility.