mirror of
https://github.com/freebsd/freebsd-src
synced 2024-10-03 15:15:01 +00:00
cr_canseeothergids(): Policy change's manual pages impact
See previous commit that made cr_canseeothergids() use the new
realgroupmember() function, taking into account real group IDs instead
of effective ones.
PR: 272093
Reviewed by: pauamma_gundo.com, mhorne
Sponsored by: Kumacom SAS
Differential Revision: https://reviews.freebsd.org/D40644
(cherry picked from commit 0452dd8413
)
Approved by: markj (mentor)
This commit is contained in:
parent
f0951233c6
commit
0297e7213c
|
@ -97,7 +97,7 @@ and
|
|||
are not members of any common group
|
||||
.Po
|
||||
as determined by
|
||||
.Xr groupmember 9
|
||||
.Xr realgroupmember 9
|
||||
.Pc .
|
||||
.It Bq Er ESRCH
|
||||
Credentials
|
||||
|
|
|
@ -48,9 +48,9 @@ This function checks if a subject associated to credentials
|
|||
is denied seeing a subject or object associated to credentials
|
||||
.Fa u2
|
||||
by a policy that requires both credentials to have at least one group in common.
|
||||
For this determination, the effective and supplementary group IDs are used, but
|
||||
not the real group IDs, as per
|
||||
.Xr groupmember 9 .
|
||||
For this determination, the real and supplementary group IDs are used, but
|
||||
not the effective group IDs, as per
|
||||
.Xr realgroupmember 9 .
|
||||
.Pp
|
||||
This policy is active if and only if the
|
||||
.Xr sysctl 8
|
||||
|
@ -79,5 +79,5 @@ Otherwise, it returns
|
|||
.Er ESRCH .
|
||||
.Sh SEE ALSO
|
||||
.Xr cr_bsd_visible 9 ,
|
||||
.Xr groupmember 9 ,
|
||||
.Xr realgroupmember 9 ,
|
||||
.Xr priv_check_cred 9
|
||||
|
|
Loading…
Reference in a new issue