From nobody Mon Jun 16 20:24:41 2025 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4bLhLf2zKNz5yMkR; Mon, 16 Jun 2025 20:24:42 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4bLhLf0pdxz3JRg; Mon, 16 Jun 2025 20:24:42 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1750105482; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=xidhFoG+oW7SGpPwh1m67XKwzdyqLtAVrdUT2pA176E=; b=SkCFXWiNP3XaAAihfJvCB9VcxyhLhCwiRMugn/tqN82IXggRtWMPJtGr2md/3q9W4xyW/g MK2S5xXrfL+vOYFZ14tJqc9V14+Ow4po52/ScvISORpXMZsgjj0Lxh9d210Z5ZSAoFTLS1 3Yd1ipTMHRCVZJhYUpKTun11h3TL5R+k/ppzQziBBTnOne+5nDPem2B8/Ek66Dpx9yfqKC O5VezVNNjJyY0+Y4kG4NhF8qwObum3vOIrpfJdD+4y1StXNalFl/ukQLlcj3lTON68G+DQ VC6kHgaueRgb/LO4zlUeEmAJVbBCX008+iVMU8JWC0a9zmq24SbMbx1mOaKdFg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1750105482; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=xidhFoG+oW7SGpPwh1m67XKwzdyqLtAVrdUT2pA176E=; b=Y3CUkghaJoM6AL9kTz+6itx8OL8xSxZP4s8n8qv9njXZcdnEet8iA+Ivt7jiF737kYcgQw 1nX5mbgZ6e2EhDs9Eksh9IivJaGlAn+vugsT0mpSWzH3QoQ1IuY+B9xNhsIeGpEczyWIYO Tpai1xliYAsVvccxj0t/nPm/V3ELUykXwl7ioU0H/FkwmhS7uTVkH3e6mXr/FaqL5GaqKg ntgVgdxxO+wjxS6iFERi1QCAr+JPSGMt5Rvn4eHvVRW8V9bDXqiSo2CoVkkHYFj2TcHWiF lw0rbKzfrfIqnvbj8DrX09ubdnQknxLIXoyiq5ZdSPjkA3aOwx0KtGGg8DgA1A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1750105482; a=rsa-sha256; cv=none; b=og0WrFd0al6GhwTGODl2yQ32NXi+3bQ78b0e3Cdd8FGOxuZXPLUSynDY2bR2Ikqg67tkGW 4bZkgHLL2FGdSjgL91XjMBXo8VC+CBW9gaWVwRQOs4Er5LaUn1rwLpysvA5tby2EUiKZUs mPzngerFpDVBYt70ClTZaEWHUaqoofjn1+rwcrfsNsbZ3GLZ+VYysrFnQJb/oz562rVcyx 2cwhuRIHOJNdUXbZBi1hpv6DBYVcgd9K10Cn7TAzBOgnjHEoGAb3bNm5lm16MB2Op8b+rB ZRmRSH15jSW6GxTyr0TRSSKtp0/mNhXVNuvqP+gqmsk8MZeNFL/aj0xCahK5+g== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4bLhLf0MYgz1BZt; Mon, 16 Jun 2025 20:24:42 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 55GKOf8j040240; Mon, 16 Jun 2025 20:24:41 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 55GKOfpw040237; Mon, 16 Jun 2025 20:24:41 GMT (envelope-from git) Date: Mon, 16 Jun 2025 20:24:41 GMT Message-Id: <202506162024.55GKOfpw040237@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Olivier Certner Subject: git: 27955ed58e19 - stable/14 - mac_do(4): Examples: Fix some descriptions and a typo List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 27955ed58e1900549d9da48b3fb7d615c0470e40 Auto-Submitted: auto-generated The branch stable/14 has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=27955ed58e1900549d9da48b3fb7d615c0470e40 commit 27955ed58e1900549d9da48b3fb7d615c0470e40 Author: Olivier Certner AuthorDate: 2025-06-11 23:07:49 +0000 Commit: Olivier Certner CommitDate: 2025-06-16 20:08:19 +0000 mac_do(4): Examples: Fix some descriptions and a typo MFC after: 3 days Sponsored by: The FreeBSD Foundation (cherry picked from commit 94828b33803314b5c8e833b233ca6894a340aa88) Event: Kitchener-Waterloo Hackathon 202506 --- share/man/man4/mac_do.4 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/share/man/man4/mac_do.4 b/share/man/man4/mac_do.4 index 4c067205225c..f64eae600436 100644 --- a/share/man/man4/mac_do.4 +++ b/share/man/man4/mac_do.4 @@ -348,12 +348,12 @@ Here are several examples of single rules matching processes having a real user ID of 10001: .Bl -tag -width indent .It Li uid=10001>uid=10002 -Allows the process to switch any of its real, effective or saved user ID to +Allows the process to switch all of its real, effective or saved user ID to 10002, but keeping the groups it is already in, and with the same primary/supplementary groups split. .It Li uid=10001>uid=10002,uid=10003 Same as the first example, but also allows to switch to UID 10003 instead of -10002. +10002, or possibly having both in different user IDs. .It Li uid=10001>uid=10002,gid=10002 Same as the first example, but the new primary groups must be set to 10002 and no supplementary groups should be set. @@ -387,7 +387,7 @@ group, allowing its members to switch to root without password. .It Li gid=10001>gid=10002 Allows the process to enter GID 10002 as a primary group, but only if giving up all its supplementary groups. -.It Li security.mac.do.rules=gid=10001>gid=10002,+gid=.\& +.It Li gid=10001>gid=10002,+gid=.\& Same as the previous example, but allows to retain any current supplementary groups. .It Li gid=10001>gid=10002,!gid=.\&