Date: Thu, 21 Dec 2023 13:43:36 GMT From: Olivier Certner <olce@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: 865df3aed731 - stable/13 - prison_check(9): Bring up-to-date with hierarchical jails Message-ID: <202312211343.3BLDhak8079122@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch stable/13 has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=865df3aed73197f00967fed573fc9fa7b74df08d commit 865df3aed73197f00967fed573fc9fa7b74df08d Author: Olivier Certner <olce.freebsd@certner.fr> AuthorDate: 2023-08-17 23:54:44 +0000 Commit: Olivier Certner <olce@FreeBSD.org> CommitDate: 2023-12-21 13:37:38 +0000 prison_check(9): Bring up-to-date with hierarchical jails Reviewed by: bcr, emaste, pauamma_gundo.com, mhorne Sponsored by: Kumacom SAS Differential Revision: https://reviews.freebsd.org/D40639 (cherry picked from commit e9fdd494537ca45b14e0917e8bb1595b6460f3a3) Approved by: markj (mentor) --- share/man/man9/prison_check.9 | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/share/man/man9/prison_check.9 b/share/man/man9/prison_check.9 index b3bdcf6b4571..7f174e3ceb2e 100644 --- a/share/man/man9/prison_check.9 +++ b/share/man/man9/prison_check.9 @@ -25,22 +25,23 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd December 11, 2003 +.Dd August 18, 2023 .Dt PRISON_CHECK 9 .Os .Sh NAME .Nm prison_check -.Nd determine if two credentials belong to the same jail +.Nd determine if subjects may see entities according to jail restrictions .Sh SYNOPSIS .In sys/jail.h .Ft int .Fn prison_check "struct ucred *cred1" "struct ucred *cred2" .Sh DESCRIPTION -This function can be used to determine if the two credentials +This function determines if a subject with credentials .Fa cred1 -and +is denied access to subjects or objects with credentials .Fa cred2 -belong to the same jail. +according to the policy that a subject can see subjects or objects in its own +jail or any sub-jail of it. .Sh RETURN VALUES The .Fn prison_check @@ -48,12 +49,9 @@ function returns .Er ESRCH if -.Fa cred1 -has been jailed, and -.Fa cred1 -and .Fa cred2 -do not belong to the same jail. +is not in the same jail or a sub-jail of that of +.Fa cred1 . In all other cases, .Fn prison_check returns zero.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202312211343.3BLDhak8079122>