From 6b25fa2abb51085555724973dca1988f23d41bd2 Mon Sep 17 00:00:00 2001 From: Robert Watson Date: Tue, 26 Jun 2007 23:12:05 +0000 Subject: [PATCH] Update suser(9) and priv(9) to document that the 'flags' argument is now unused -- SUSER_RUID and SUSER_ALLOWJAIL are no longer defined or used. Approved by: re (bmah) --- share/man/man9/priv.9 | 6 +++--- share/man/man9/suser.9 | 40 ++++++++++------------------------------ 2 files changed, 13 insertions(+), 33 deletions(-) diff --git a/share/man/man9/priv.9 b/share/man/man9/priv.9 index bf86bfe78ef3..2756da912ce7 100644 --- a/share/man/man9/priv.9 +++ b/share/man/man9/priv.9 @@ -57,9 +57,9 @@ policy or access control list. The caller identifies the desired privilege via the .Fa priv argument. -Additional access control context may also be passed using the -.Fa flags -argument. +The optional flags argument, +.Fa flags , +is currently unused. .Ss Privilege Policies Privileges are typically granted based on one of two base system policies: the superuser policy, which grants privilege based on the effective (or diff --git a/share/man/man9/suser.9 b/share/man/man9/suser.9 index 971031939aa8..0b97d03cd4c1 100644 --- a/share/man/man9/suser.9 +++ b/share/man/man9/suser.9 @@ -68,37 +68,17 @@ not the thread's own, when there is no thread, when superuser powers should be extended to imprisoned roots, or when the credential to be checked is the real user rather than the effective user. .Pp -By default, a process does not command superuser powers if it has -been imprisoned by the -.Xr jail 2 -system call. -There are cases however where this is appropriate, and this can -be done by passing -.Dv SUSER_ALLOWJAIL -in the -.Fa flag -argument to the -.Fn suser_cred -function. -It is important to review carefully in each case that -this does not weaken the prison. -Generally, only where the action is protected by -.Xr chroot 2 -implicit in the -.Xr jail 2 -call should such powers be granted. +Whether or not a privilege is permitted in a +.Xr jail 8 +depends on logic in +.Fn prison_priv_check . .Pp -By default, the credential checked is the effective user. -There are cases -where it is instead necessary to check the real user (for example, when -determining if resource limits should be applied), and this can be done -by passing the -.Dv SUSER_RUID -flag in the -.Fa flag -argument to the -.Fn suser_cred -function. +In general, privileges are assigned based on the effective user ID; in some +cases, the real user ID may be used. +.Pp +The +.Fa flags +field is currently unused. .Pp The .Fn suser