*** UNIX MANUAL PAGE BROWSER ***

A Nergahak database for man pages research.

Navigation

Location: Home > FreeBSD > Section 9 > cr_bsd_visible
Quick Actions: [Home] [Up]

Directory Browser

1Browse 4.4BSD4.4BSD
1Browse Digital UNIXDigital UNIX 4.0e
1Browse FreeBSDFreeBSD 14.3
1Browse MINIXMINIX 3.4.0rc6-d5e4fc0
1Browse NetBSDNetBSD 10.1
1Browse OpenBSDOpenBSD 7.7
1Browse UNIX v7Version 7 UNIX
1Browse UNIX v10Version 10 UNIX

Manual Page Search

Manual Page Result

0 Command: cr_bsd_visible | Section: 9 | Source: FreeBSD | File: cr_bsd_visible.9.gz
CR_BSD_VISIBLE(9) FreeBSD Kernel Developer's Manual CR_BSD_VISIBLE(9) NAME cr_bsd_visible - determine if subjects may see entities according to BSD security policies SYNOPSIS #include <sys/proc.h> int cr_bsd_visible(struct ucred *u1, struct ucred *u2); DESCRIPTION This function determines if a subject with credentials u1 is denied seeing an object or subject associated to credentials u2 by the following policies and associated sysctl(8) knobs: security.bsd.seeotheruids If set to 0, subjects cannot see other subjects or objects if they are not associated with the same real user ID. The corresponding internal function is cr_canseeotheruids(9). security.bsd.seeothergids If set to 0, subjects cannot see other subjects or objects if they are not both a member of at least one common group. The corresponding internal function is cr_canseeothergids(9). security.bsd.see_jail_proc If set to 0, subjects cannot see other subjects or objects that are not associated with the same jail as they are. The corresponding internal function is cr_canseejailproc(9). As usual, the superuser (effective user ID 0) is exempt from any of these policies provided that the sysctl(8) variable security.bsd.suser_enabled is non-zero and no active MAC policy explicitly denies the exemption (see priv_check_cred(9)). This function is intended to be used as a helper to implement cr_cansee(9) and similar functions. RETURN VALUES This function returns zero if a subject with credentials u1 may see a subject or object with credentials u2 by the active above-mentioned policies, or ESRCH otherwise. ERRORS [ESRCH] Credentials u1 and u2 do not have the same real user ID. [ESRCH] Credentials u1 and u2 are not members of any common group (as determined by realgroupmember(9)). [ESRCH] Credentials u1 and u2 are not in the same jail. SEE ALSO cr_cansee(9), cr_canseejailproc(9), cr_canseeothergids(9), cr_canseeotheruids(9), priv_check_cred(9) AUTHORS This function and its manual page were written by Olivier Certner <[email protected]>. FreeBSD 14.1-RELEASE-p8 August 18, 2023 FreeBSD 14.1-RELEASE-p8

Navigation Options

Actions: [Home] [Back] [New Search]
Browse: [Browse FreeBSD] [Section 9]
Print/Export: [Print] [Raw Text]
Date: 2025-08-24 Time: 04:10:54 SAST |
Page generated in 0.2821 seconds
Nergahak ManpageViewer v1.4
[Back to Top]