• Start
• Documentation
  • PostgreSQL
  • mnoGoSearch
  • Apache 2.4
  • FreeBSD handbook
  • FreeBSD Manual
  • FreeBSD Source
• Tools
• Search
• Protected Area

plain

FreeBSD manual

keyword 1 2 3 4 5 6 7 8 9 n l

download PDF document: cr_cansee.9.pdf

CR_CANSEE(9) FreeBSD Kernel Developer's Manual CR_CANSEE(9)
NAME cr_cansee - determine visibility of objects given their user credentials
SYNOPSIS #include <sys/proc.h>
int cr_cansee(struct ucred *u1, struct ucred *u2);
DESCRIPTION This function determines if a subject with credential u1 can see a subject or object associated to credential u2.
Specific types of subjects may need to submit to additional or different restrictions. As an example, for processes, see p_cansee(9), which calls this function.
The implementation relies on cr_bsd_visible(9) and consequently the sysctl(8) variables referenced in its manual page influence the result.
RETURN VALUES This function returns zero if the subject with credential u1 can "see" the subject or object with credential u2, or ESRCH otherwise.
ERRORS [ESRCH] The subject with credential u1 has been jailed and the subject or object with credential u2 does not belong to the same jail or one of its sub-jails, as determined by prison_check(9).
[ESRCH] The MAC subsystem denied visibility.
[ESRCH] cr_bsd_visible(9) denied visibility according to the BSD security policies in force.
SEE ALSO prison_check(9), mac(9), cr_bsd_visible(9), p_cansee(9)
FreeBSD 14.0-RELEASE-p11 August 18, 2023 FreeBSD 14.0-RELEASE-p11