Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 28 Sep 2025 14:02:29 GMT
From:      Olivier Certner <olce@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: c1d5fc4e0cfc - main - mac_do.4: Mention "from" part's GID can also match supplementary groups
Message-ID:  <202509281402.58SE2TBJ050584@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
The branch main has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=c1d5fc4e0cfc63d23379457ac0b51c59c60b27c7

commit c1d5fc4e0cfc63d23379457ac0b51c59c60b27c7
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2025-09-28 13:55:20 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-09-28 14:01:55 +0000

    mac_do.4: Mention "from" part's GID can also match supplementary groups
    
    MFC after:      3 days
    Event:          EuroBSDCon 2025
    Sponsored by:   The FreeBSD Foundation
---
 share/man/man4/mac_do.4 | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/share/man/man4/mac_do.4 b/share/man/man4/mac_do.4
index 4dcb54c89673..39bfafd95474 100644
--- a/share/man/man4/mac_do.4
+++ b/share/man/man4/mac_do.4
@@ -94,8 +94,10 @@ i.e., one of the literal strings
 or
 .Ql gid .
 .Li Aq id
-must be the numerical ID of a user or group, and is matched with the current
-process real ID of the corresponding type.
+must be the numerical ID of a user or group and is matched against the current
+process real ID of the corresponding type, and on type
+.Ql gid
+additionally against the supplementary groups.
 .Ss Rule's Ao to Ac Part
 The second part of a rule,
 .Li Aq to ,
@@ -377,8 +379,8 @@ Same as the first example, but lifting any constraints on groups, allowing the
 process to become part of any groups it sees fit.
 .El
 .Pp
-Here are several examples of single rules matching processes having a real group
-ID of 10001:
+Here are several examples of single rules matching processes having 10001 as
+their real group IDs or in their supplementary groups:
 .Bl -tag -width indent
 .It Li gid=10001>uid=0
 Makes 10001 a more powerful

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202509281402.58SE2TBJ050584>