NAME¶
cr_cansee
—
determine visibility of objects given their user
credentials
SYNOPSIS¶
#include
<sys/param.h>
#include
<sys/systm.h>
#include
<sys/ucred.h>
int
cr_cansee
(
struct
ucred *u1,
struct ucred
*u2);
DESCRIPTION¶
This function determines the visibility of objects in the kernel based on the
real user IDs and group IDs in the credentials
u1 and
u2
associated with them.
The visibility of objects is influenced by the
sysctl(8) variables
security.bsd.see_other_gids and
security.bsd.see_other_uids, as per the
description in
cr_seeothergids(9) and
cr_seeotheruids(9) respectively.
RETURN VALUES¶
This function returns zero if the object with credential
u1 can “see” the object with
credential
u2, or
ESRCH
otherwise.
ERRORS¶
- [
ESRCH
]
- The object with credential u1 cannot
“see” the object with credential
u2.
- [
ESRCH
]
- The object with credential u1 has been
jailed and the object with credential u2
does not belong to the same jail as
u1.
- [
ESRCH
]
- The MAC subsystem denied visibility.
SEE ALSO¶
cr_seeothergids(9),
cr_seeotheruids(9),
mac(9),
p_cansee(9)