From nobody Wed Jun 11 23:11:18 2025 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4bHhHB2wjqz5ydT8; Wed, 11 Jun 2025 23:11:18 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4bHhHB25dzz3Jdb; Wed, 11 Jun 2025 23:11:18 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1749683478; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=vSa+uHx+ilsbNvxcZyJSfms/b6267KUCDs5AQsYhELI=; b=JbdusRcmYRmky5i135PbKtbCthoXn2wtc8PwC74QDZCXNkKCfBPYkP2GuykJvGR2sPqq9K HW7JTWKmMwkvx6bF2N8egu0PguEICSiSLDovSdsMR1d1MbydNCOUH1pQlMgoBJo6W6diy7 njZE8JITL/MRRMFeaGk8rWCHlcYDebFy0RXqvIUlSrPuc+FuLjqWvLR1xVy4M0eTtXnbX+ 4vWavm3qIvw1pjow0Q8eLIWxq0BZ4HzihsHPln/OZSnvMLKl4Hkd5GUymfulQ9naoQvNMP LW9aQUNkZBFFIj7c6wDaBZxYvKpgY37OnfC+3/sB4D3rNgbS7BLP9BqCj9AYKg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1749683478; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=vSa+uHx+ilsbNvxcZyJSfms/b6267KUCDs5AQsYhELI=; b=oFXzs5nHHzUErJqSHg2rwAFzu6knD1WGLQYQBWG6ibVdAn5GN4Ax3cUHVKtL2bYzzBUgFO TxO/n70psjOl+zdGTsD4MbmaDNOxTpvwAvzF+c7eHJtOCNgqFpkDVspV0dsAwXTfJWB/L8 IzlfHQAXzmrjYrlMkDt1/3qt049+/fvEVp0loK27UhFtfBl8RfXdlplmEugptU2mpslC8i Z5xYJoH8DbJX+vJgtCaUTt8nDbsW3UtGgyExjBMiRiDcwb+D84rhIBtULt/RhHXqnCgcuo t5FXsmMu6HK4jyStdubviVgMG8FdqE8U3WD5A2foLaCV0vJI8ho7Y32bdngQRg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1749683478; a=rsa-sha256; cv=none; b=PJyAaynMfrDKFnpMBjkNYBsanTcVeSXGPMf58UJY9OA1SatUeVvW2v/v8z8PejRaET8Beb UgMxy92h2Av+8gXqD9OwsWK6o0w3aC1vIctt+/clsvWbqi6+OHXcu1NgaC2p1Z51J23Afo xR23EJ+Gh+lr4dujpEWQe1ZJ3YE8vyk5P1TuMQZRmICmxNbngrGAWTEM9gUaDNFFl3fDjy RTqIV3nZGv23qlA6XjozfxKuSdziLEJUhYa63C877FiYVbQZkd42cSHahnx0Ra+Skr8ITr Naibli87ZrwBOOlsmZGnCO5O9HVB8CZfYZMn47i4Qg82QM/qBUbF1euq38ddjA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4bHhHB1Zvjzn0k; Wed, 11 Jun 2025 23:11:18 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 55BNBILc037597; Wed, 11 Jun 2025 23:11:18 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 55BNBIUs037594; Wed, 11 Jun 2025 23:11:18 GMT (envelope-from git) Date: Wed, 11 Jun 2025 23:11:18 GMT Message-Id: <202506112311.55BNBIUs037594@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: 94828b338033 - main - mac_do(4): Examples: Fix some descriptions and a typo List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 94828b33803314b5c8e833b233ca6894a340aa88 Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=94828b33803314b5c8e833b233ca6894a340aa88 commit 94828b33803314b5c8e833b233ca6894a340aa88 Author: Olivier Certner AuthorDate: 2025-06-11 23:07:49 +0000 Commit: Olivier Certner CommitDate: 2025-06-11 23:10:37 +0000 mac_do(4): Examples: Fix some descriptions and a typo MFC after: 3 days Sponsored by: The FreeBSD Foundation --- share/man/man4/mac_do.4 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/share/man/man4/mac_do.4 b/share/man/man4/mac_do.4 index 4c067205225c..f64eae600436 100644 --- a/share/man/man4/mac_do.4 +++ b/share/man/man4/mac_do.4 @@ -348,12 +348,12 @@ Here are several examples of single rules matching processes having a real user ID of 10001: .Bl -tag -width indent .It Li uid=10001>uid=10002 -Allows the process to switch any of its real, effective or saved user ID to +Allows the process to switch all of its real, effective or saved user ID to 10002, but keeping the groups it is already in, and with the same primary/supplementary groups split. .It Li uid=10001>uid=10002,uid=10003 Same as the first example, but also allows to switch to UID 10003 instead of -10002. +10002, or possibly having both in different user IDs. .It Li uid=10001>uid=10002,gid=10002 Same as the first example, but the new primary groups must be set to 10002 and no supplementary groups should be set. @@ -387,7 +387,7 @@ group, allowing its members to switch to root without password. .It Li gid=10001>gid=10002 Allows the process to enter GID 10002 as a primary group, but only if giving up all its supplementary groups. -.It Li security.mac.do.rules=gid=10001>gid=10002,+gid=.\& +.It Li gid=10001>gid=10002,+gid=.\& Same as the previous example, but allows to retain any current supplementary groups. .It Li gid=10001>gid=10002,!gid=.\&