tail head cat sleep
QR code linking to this page

Manual Pages  — CR_CANSEE

NAME

cr_cansee – determine visibility of objects given their user credentials

CONTENTS

SYNOPSIS

#include <sys/param.h>
#include <sys/systm.h>
#include <sys/ucred.h>

int
cr_cansee(struct ucred *u1, struct ucred *u2);

DESCRIPTION

This function determines the visibility of objects in the kernel based on the real user IDs and group IDs in the credentials u1 and u2 associated with them.

The visibility of objects is influenced by the sysctl(8) variables security.bsd.see_other_gids and security.bsd.see_other_uids, as per the description in cr_seeothergids(9) and cr_seeotheruids(9) respectively.

RETURN VALUES

This function returns zero if the object with credential u1 can "see" the object with credential u2, or ESRCH otherwise.

ERRORS

[ESRCH]
  The object with credential u1 cannot "see" the object with credential u2.
[ESRCH]
  The object with credential u1 has been jailed and the object with credential u2 does not belong to the same jail as u1.
[ESRCH]
  The MAC subsystem denied visibility.

SEE ALSO

cr_seeothergids(9), cr_seeotheruids(9), mac(9), p_cansee(9)

CR_CANSEE (9) November 19, 2006

tail head cat sleep
QR code linking to this page


Please direct any comments about this manual page service to Ben Bullock. Privacy policy.

The most horrifying thing about Unix is that, no matter how many times you hit yourself over the head with it, you never quite manage to lose consciousness. It just goes on and on.
— Patrick Sobalvarro