mirror of
https://github.com/freebsd/freebsd-src
synced 2024-07-22 02:37:15 +00:00
cr_canseeothergids(): Policy change's manual pages impact
See previous commit that made cr_canseeothergids() use the new realgroupmember() function, taking into account real group IDs instead of effective ones. PR: 272093 Reviewed by: pauamma_gundo.com, mhorne MFC after: 2 weeks Sponsored by: Kumacom SAS Differential Revision: https://reviews.freebsd.org/D40644
This commit is contained in:
parent
5d9f38405a
commit
0452dd8413
|
@ -97,7 +97,7 @@ and
|
|||
are not members of any common group
|
||||
.Po
|
||||
as determined by
|
||||
.Xr groupmember 9
|
||||
.Xr realgroupmember 9
|
||||
.Pc .
|
||||
.It Bq Er ESRCH
|
||||
Credentials
|
||||
|
|
|
@ -48,9 +48,9 @@ This function checks if a subject associated to credentials
|
|||
is denied seeing a subject or object associated to credentials
|
||||
.Fa u2
|
||||
by a policy that requires both credentials to have at least one group in common.
|
||||
For this determination, the effective and supplementary group IDs are used, but
|
||||
not the real group IDs, as per
|
||||
.Xr groupmember 9 .
|
||||
For this determination, the real and supplementary group IDs are used, but
|
||||
not the effective group IDs, as per
|
||||
.Xr realgroupmember 9 .
|
||||
.Pp
|
||||
This policy is active if and only if the
|
||||
.Xr sysctl 8
|
||||
|
@ -79,5 +79,5 @@ Otherwise, it returns
|
|||
.Er ESRCH .
|
||||
.Sh SEE ALSO
|
||||
.Xr cr_bsd_visible 9 ,
|
||||
.Xr groupmember 9 ,
|
||||
.Xr realgroupmember 9 ,
|
||||
.Xr priv_check_cred 9
|
||||
|
|
Loading…
Reference in a new issue