Provided by: freebsd-manpages_8.2-1_all bug

NAME

     cr_cansee -- determine visibility of objects given their user credentials

SYNOPSIS

     #include <sys/param.h>
     #include <sys/systm.h>
     #include <sys/ucred.h>

     int
     cr_cansee(struct ucred *u1, struct ucred *u2);

DESCRIPTION

     This function determines the visibility of objects in the kernel based on
     the real user IDs and group IDs in the credentials u1 and u2 associated
     with them.

     The visibility of objects is influenced by the sysctl(8) variables
     security.bsd.see_other_gids and security.bsd.see_other_uids, as per the
     description in cr_seeothergids(9) and cr_seeotheruids(9) respectively.

RETURN VALUES

     This function returns zero if the object with credential u1 can ``see''
     the object with credential u2, or ESRCH otherwise.

ERRORS

     [ESRCH]            The object with credential u1 cannot ``see'' the
                        object with credential u2.

     [ESRCH]            The object with credential u1 has been jailed and the
                        object with credential u2 does not belong to the same
                        jail as u1.

     [ESRCH]            The MAC subsystem denied visibility.

SEE ALSO

     cr_seeothergids(9), cr_seeotheruids(9), mac(9), p_cansee(9)