Update suser(9) and priv(9) to document that the 'flags' argument is now

unused -- SUSER_RUID and SUSER_ALLOWJAIL are no longer defined or used.

Approved by:	re (bmah)

share/man/man9/priv.9

@@ -57,9 +57,9 @@ policy or access control list.
 The caller identifies the desired privilege via the
 .Fa priv
 argument.
-Additional access control context may also be passed using the
+The optional flags argument,
-.Fa flags
+.Fa flags ,
-argument.
+is currently unused.
 .Ss Privilege Policies
 Privileges are typically granted based on one of two base system policies:
 the superuser policy, which grants privilege based on the effective (or

share/man/man9/suser.9

@@ -68,37 +68,17 @@ not the thread's own, when there is no thread, when superuser
 powers should be extended to imprisoned roots, or when the credential
 to be checked is the real user rather than the effective user.
 .Pp
-By default, a process does not command superuser powers if it has
+Whether or not a privilege is permitted in a
-been imprisoned by the
+.Xr jail 8
-.Xr jail 2
+depends on logic in
-system call.
+.Fn prison_priv_check .
-There are cases however where this is appropriate, and this can
-be done by passing
-.Dv SUSER_ALLOWJAIL
-in the
-.Fa flag
-argument to the
-.Fn suser_cred
-function.
-It is important to review carefully in each case that
-this does not weaken the prison.
-Generally, only where the action is protected by
-.Xr chroot 2
-implicit in the
-.Xr jail 2
-call should such powers be granted.
 .Pp
-By default, the credential checked is the effective user.
+In general, privileges are assigned based on the effective user ID; in some
-There are cases
+cases, the real user ID may be used.
-where it is instead necessary to check the real user (for example, when
+.Pp
-determining if resource limits should be applied), and this can be done
+The
-by passing the
+.Fa flags
-.Dv SUSER_RUID
+field is currently unused.
-flag in the
-.Fa flag
-argument to the
-.Fn suser_cred
-function.
 .Pp
 The
 .Fn suser