mdoc(7) fixes.
This commit is contained in:
parent
2c5470d09e
commit
c8cbcbce5c
@ -26,9 +26,10 @@
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $FreeBSD$
|
||||
.\"
|
||||
.Dd November 11, 2003
|
||||
.Os
|
||||
.Dt cr_seeothergids 9
|
||||
.Dt CR_SEEOTHERGIDS 9
|
||||
.Sh NAME
|
||||
.Nm cr_seeothergids
|
||||
.Nd determine visibility of objects given their group memberships
|
||||
@ -37,7 +38,7 @@
|
||||
.Fn cr_seeothergids "struct ucred *u1" "struct ucred *u2"
|
||||
.Sh DESCRIPTION
|
||||
This function determines the visibility of objects in the
|
||||
kernel based on the group ids in the credentials
|
||||
kernel based on the group IDs in the credentials
|
||||
.Fa u1
|
||||
and
|
||||
.Fa u2
|
||||
@ -45,11 +46,11 @@ associated with them.
|
||||
.Pp
|
||||
The visibility of objects is influenced by the
|
||||
.Xr sysctl 8
|
||||
tunable
|
||||
variable
|
||||
.Va security.bsd.see_other_gids .
|
||||
If this tunable is non-zero, then all objects in the kernel
|
||||
If this variable is non-zero then all objects in the kernel
|
||||
are visible to each other irrespective of their group membership.
|
||||
If this tunable is zero, then the object with credentials
|
||||
If this variable is zero then the object with credentials
|
||||
.Fa u2
|
||||
is visible to the object with credentials
|
||||
.Fa u1
|
||||
@ -57,13 +58,13 @@ if either
|
||||
.Fa u1
|
||||
is the super-user credential, or if at least one of
|
||||
.Fa u1 Ns 's
|
||||
group ids is present in
|
||||
group IDs is present in
|
||||
.Fa u2 Ns 's
|
||||
group set.
|
||||
.Sh SYSCTL TUNABLES
|
||||
.Sh SYSCTL VARIABLES
|
||||
.Bl -tag -width indent
|
||||
.It Va security.bsd.see_other_gids
|
||||
must be non-zero if objects with unprivileged credentials are to be
|
||||
Must be non-zero if objects with unprivileged credentials are to be
|
||||
able to see each other.
|
||||
.El
|
||||
.Sh RETURN VALUES
|
||||
@ -78,4 +79,4 @@ or
|
||||
otherwise.
|
||||
.Sh SEE ALSO
|
||||
.Xr cr_seeotheruids 9 ,
|
||||
.Xr p_candebug 9
|
||||
.Xr p_candebug 9
|
||||
|
@ -26,9 +26,10 @@
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $FreeBSD$
|
||||
.\"
|
||||
.Dd November 11, 2003
|
||||
.Os
|
||||
.Dt cr_seeotheruids 9
|
||||
.Dt CR_SEEOTHERUIDS 9
|
||||
.Sh NAME
|
||||
.Nm cr_seeotheruids
|
||||
.Nd determine visibility of objects given their user credentials
|
||||
@ -37,7 +38,7 @@
|
||||
.Fn cr_seeotheruids "struct ucred *u1" "struct ucred *u2"
|
||||
.Sh DESCRIPTION
|
||||
This function determines the visibility of objects in the
|
||||
kernel based on the real user ids in the credentials
|
||||
kernel based on the real user IDs in the credentials
|
||||
.Fa u1
|
||||
and
|
||||
.Fa u2
|
||||
@ -45,11 +46,11 @@ associated with them.
|
||||
.Pp
|
||||
The visibility of objects is influenced by the
|
||||
.Xr sysctl 8
|
||||
tunable
|
||||
variable
|
||||
.Va security.bsd.see_other_uids .
|
||||
If this tunable is non-zero, then all objects in the kernel
|
||||
are visible to each other irrespective of their user ids.
|
||||
If this tunable is zero, then the object with credentials
|
||||
If this variable is non-zero then all objects in the kernel
|
||||
are visible to each other irrespective of their user IDs.
|
||||
If this variable is zero then the object with credentials
|
||||
.Fa u2
|
||||
is visible to the object with credentials
|
||||
.Fa u1
|
||||
@ -59,11 +60,11 @@ is the super-user credential, or if
|
||||
.Fa u1
|
||||
and
|
||||
.Fa u2
|
||||
have the same real user id.
|
||||
.Sh SYSCTL TUNABLES
|
||||
have the same real user ID.
|
||||
.Sh SYSCTL VARIABLES
|
||||
.Bl -tag -width indent
|
||||
.It Va security.bsd.see_other_uids
|
||||
must be non-zero if objects with unprivileged credentials are to be
|
||||
Must be non-zero if objects with unprivileged credentials are to be
|
||||
able to see each other.
|
||||
.El
|
||||
.Sh RETURN VALUES
|
||||
@ -78,4 +79,4 @@ or
|
||||
otherwise.
|
||||
.Sh SEE ALSO
|
||||
.Xr cr_seeothergids 9 ,
|
||||
.Xr p_candebug 9
|
||||
.Xr p_candebug 9
|
||||
|
@ -26,9 +26,10 @@
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $FreeBSD$
|
||||
.\"
|
||||
.Dd November 11, 2003
|
||||
.Os
|
||||
.Dt p_candebug 9
|
||||
.Dt P_CANDEBUG 9
|
||||
.Sh NAME
|
||||
.Nm p_candebug
|
||||
.Nd determine debuggability of a process
|
||||
@ -41,28 +42,30 @@ This function can be used to determine if a given process
|
||||
.Fa p
|
||||
is debuggable by the thread
|
||||
.Fa td .
|
||||
.Sh SYSCTL TUNABLES
|
||||
.Sh SYSCTL VARIABLES
|
||||
The following
|
||||
.Xr sysctl 8
|
||||
tunables directly influence the behaviour of
|
||||
variables directly influence the behaviour of
|
||||
.Fn p_candebug :
|
||||
.Bl -tag -width indent
|
||||
.It Va kern.securelevel
|
||||
debugging of the init process is not allowed if this tunable is
|
||||
Debugging of the init process is not allowed if this variable is
|
||||
.Li 1
|
||||
or greater.
|
||||
.It Va security.bsd.unprivileged_proc_debug
|
||||
must be set to a non-zero value to allow unprivileged processes
|
||||
Must be set to a non-zero value to allow unprivileged processes
|
||||
access to the kernel's debug facilities.
|
||||
.El
|
||||
.Sh RETURN VALUES
|
||||
The
|
||||
.Fn p_candebug
|
||||
function
|
||||
returns
|
||||
.Li 0
|
||||
if the process denoted by
|
||||
.Ar p
|
||||
.Fa p
|
||||
is debuggable by thread
|
||||
.Ar td ,
|
||||
.Fa td ,
|
||||
or a non-zero error return value otherwise.
|
||||
.Sh ERRORS
|
||||
.Bl -tag -width Er
|
||||
@ -78,7 +81,7 @@ Thread
|
||||
.Fa td
|
||||
lacks super-user credentials and process
|
||||
.Fa p
|
||||
is executing a set-user-id or set-group-id executable.
|
||||
is executing a set-user-ID or set-group-ID executable.
|
||||
.It Bq Er EPERM
|
||||
Thread
|
||||
.Fa td
|
||||
@ -92,15 +95,17 @@ Thread
|
||||
.Fa td
|
||||
lacks super-user credentials and process
|
||||
.Fa p Ns 's
|
||||
user ids do not match thread
|
||||
user IDs do not match thread
|
||||
.Fa td Ns 's
|
||||
effective user id.
|
||||
effective user ID.
|
||||
.It Bq Er EPERM
|
||||
Process
|
||||
.Fa p
|
||||
denotes the initial process
|
||||
.Fn initproc
|
||||
and the sysctl tunable
|
||||
and the
|
||||
.Xr sysctl 8
|
||||
variable
|
||||
.Va kern.securelevel
|
||||
is greater than zero.
|
||||
.It Bq Er ESRCH
|
||||
|
@ -26,9 +26,10 @@
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $FreeBSD$
|
||||
.\"
|
||||
.Dd December 11, 2003
|
||||
.Os
|
||||
.Dt prison_check 9
|
||||
.Dt PRISON_CHECK 9
|
||||
.Sh NAME
|
||||
.Nm prison_check
|
||||
.Nd determine if two credentials belong to the same jail
|
||||
@ -43,7 +44,9 @@ and
|
||||
.Fa cred2
|
||||
belong to the same jail.
|
||||
.Sh RETURN VALUES
|
||||
The
|
||||
.Fn prison_check
|
||||
function
|
||||
returns
|
||||
.Er ESRCH
|
||||
if
|
||||
@ -57,4 +60,4 @@ In all other cases,
|
||||
.Fn prison_check
|
||||
returns zero.
|
||||
.Sh SEE ALSO
|
||||
.Xr jail 2
|
||||
.Xr jail 2
|
||||
|
Loading…
Reference in New Issue
Block a user