CR_CANSEE(9) BSD Kernel Developer's Manual CR_CANSEE(9)NAME
cr_cansee -- determine visibility of objects given their user credentials
SYNOPSIS
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/ucred.h>
int
cr_cansee(struct ucred *u1, struct ucred *u2);
DESCRIPTION
This function determines the visibility of objects in the kernel based on the real user IDs and group IDs in the credentials u1 and u2 asso-
ciated with them.
The visibility of objects is influenced by the sysctl(8) variables security.bsd.see_other_gids and security.bsd.see_other_uids, as per the
description in cr_seeothergids(9) and cr_seeotheruids(9) respectively.
RETURN VALUES
This function returns zero if the object with credential u1 can ``see'' the object with credential u2, or ESRCH otherwise.
ERRORS
[ESRCH] The object with credential u1 cannot ``see'' the object with credential u2.
[ESRCH] The object with credential u1 has been jailed and the object with credential u2 does not belong to the same jail as u1.
[ESRCH] The MAC subsystem denied visibility.
SEE ALSO cr_seeothergids(9), cr_seeotheruids(9), mac(9), p_cansee(9)BSD November 19, 2006 BSD