author | jkoshy <jkoshy@FreeBSD.org> | 2003-12-11 13:29:05 +0000 |
---|---|---|
committer | jkoshy <jkoshy@FreeBSD.org> | 2003-12-11 13:29:05 +0000 |
commit | 41da867ce480f2b2e80b727ea340a342fed177a8 (patch) | |
tree | 51ce2613e0aa5e480ec820e2fade4465e68a3f8c /share/man/man9 | |
parent | a6756e52708651553010cbba7290fcf67c4ec464 (diff) | |
Document a few kernel functions and the sysctl tunables that
affect their behaviour.
Diffstat (limited to 'share/man/man9')
-rw-r--r-- | share/man/man9/Makefile | 4 | ||||
-rw-r--r-- | share/man/man9/cr_seeothergids.9 | 81 | ||||
-rw-r--r-- | share/man/man9/cr_seeotheruids.9 | 81 | ||||
-rw-r--r-- | share/man/man9/p_candebug.9 | 132 | ||||
-rw-r--r-- | share/man/man9/prison_check.9 | 60 |
5 files changed, 357 insertions, 1 deletions
diff --git a/share/man/man9/Makefile b/share/man/man9/Makefile
index 1334cac..480c5de 100644
--- a/share/man/man9/Makefile
+++ b/share/man/man9/Makefile
@@ -29,6 +29,7 @@ MAN= BUF_LOCK.9 BUF_LOCKFREE.9 BUF_LOCKINIT.9 BUF_REFCNT.9 \
 bus_set_resource.9 \
 byteorder.9 \
 cd.9 cdevsw_add.9 cdevsw_remove.9 condvar.9 copy.9 \
+ cr_seeothergids.9 cr_seeotheruids.9 \
 critical_enter.9 crypto.9 \
 devclass.9 devclass_add_driver.9 devclass_find.9 \
 devclass_get_device.9 devclass_get_devices.9 \
@@ -59,7 +60,7 @@ MAN= BUF_LOCK.9 BUF_LOCKFREE.9 BUF_LOCKINIT.9 BUF_REFCNT.9 \
 mi_switch.9 microseq.9 microtime.9 microuptime.9 \
 module.9 mtx_pool.9 mutex.9 \
 namei.9 \
- panic.9 pbuf.9 pci.9 pfil.9 pfind.9 pgfind.9 \
+ p_candebug.9 panic.9 pbuf.9 pci.9 pfil.9 pfind.9 pgfind.9 \
 physio.9 printf.9 pseudofs.9 psignal.9 \
 pmap.9 pmap_activate.9 pmap_addr_hint.9 pmap_change_wiring.9 \
 pmap_clear_modify.9 pmap_copy.9 pmap_enter.9 pmap_extract.9 \
@@ -68,6 +69,7 @@ MAN= BUF_LOCK.9 BUF_LOCKFREE.9 BUF_LOCKINIT.9 BUF_REFCNT.9 \
 pmap_mincore.9 pmap_object_init_pt.9 pmap_page_exists_quick.9 \
 pmap_page_protect.9 pmap_pinit.9 pmap_qenter.9 \
 pmap_release.9 pmap_remove.9 pmap_resident_count.9 pmap_zero_page.9 \
+ prison_check.9 \
 random.9 resettodr.9 resource_int_value.9 \
 rtalloc.9 rtentry.9 runqueue.9 random_harvest.9 rijndael.9 \
 rman.9 \
diff --git a/share/man/man9/cr_seeothergids.9 b/share/man/man9/cr_seeothergids.9
new file mode 100644
index 0000000..e944892
--- /dev/null
+++ b/share/man/man9/cr_seeothergids.9
@@ -0,0 +1,81 @@
+.\"
+.\" Copyright (c) 2003 Joseph Koshy <jkoshy@freebsd.org>
+.\"
+.\" All rights reserved.
+.\"
+.\" This program is free software.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT,
+.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.Dd November 11, 2003
+.Os
+.Dt cr_seeothergids 9
+.Sh NAME
+.Nm cr_seeothergids
+.Nd determine visibility of objects given their group memberships
+.Sh SYNOPSIS
+.Ft int
+.Fn cr_seeothergids "struct ucred *u1" "struct ucred *u2"
+.Sh DESCRIPTION
+This function determines the visibility of objects in the
+kernel based on the group ids in the credentials
+.Fa u1
+and
+.Fa u2
+associated with them.
+.Pp
+The visibility of objects is influenced by the
+.Xr sysctl 8
+tunable
+.Va security.bsd.see_other_gids .
+If this tunable is non-zero, then all objects in the kernel
+are visible to each othe irrespective of their group membership.
+If this tunable is zero, then the object with credentials
+.Fa u2
+is visible to the object with credentials
+.Fa u1
+if either
+.Fa u1
+is the super-user credential, or if at least one of
+.Fa u1 Ns 's
+group ids is present in
+.Fa u2 Ns 's
+group set.
+.Sh SYSCTL TUNABLES
+.Bl -tag -width indent
+.It Va security.bsd.see_other_gids
+must be non-zero if objects with unprivileged credentials are to be
+able to see each other.
+.El
+.Sh RETURN VALUES
+Ths function returns zero if the object with credential
+.Fa u1
+can
+.Dq see
+the object with credential
+.Fa u2 ,
+or
+.Er ESRCH
+otherwise.
+.Sh SEE ALSO
+.Xr cr_seeotheruids 9 ,
+.Xr p_candebug 9
\ No newline at end of file
diff --git a/share/man/man9/cr_seeotheruids.9 b/share/man/man9/cr_seeotheruids.9
new file mode 100644
index 0000000..4d0b349
--- /dev/null
+++ b/share/man/man9/cr_seeotheruids.9
@@ -0,0 +1,81 @@
+.\"
+.\" Copyright (c) 2003 Joseph Koshy <jkoshy@freebsd.org>
+.\"
+.\" All rights reserved.
+.\"
+.\" This program is free software.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT,
+.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.Dd November 11, 2003
+.Os
+.Dt cr_seeotheruids 9
+.Sh NAME
+.Nm cr_seeotheruids
+.Nd determine visibility of objects given their user credentials
+.Sh SYNOPSIS
+.Ft int
+.Fn cr_seeotheruids "struct ucred *u1" "struct ucred *u2"
+.Sh DESCRIPTION
+This function determines the visibility of objects in the
+kernel based on the real user ids in the credentials
+.Fa u1
+and
+.Fa u2
+associated with them.
+.Pp
+The visibility of objects is influenced by the
+.Xr sysctl 8
+tunable
+.Va security.bsd.see_other_uids .
+If this tunable is non-zero, then all objects in the kernel
+are visible to each other irrespective of their user ids.
+If this tunable is zero, then the object with credentials
+.Fa u2
+is visible to the object with credentials
+.Fa u1
+if either
+.Fa u1
+is the super-user credential, or if
+.Fa u1
+and
+.Fa u2
+have the same real user id.
+.Sh SYSCTL TUNABLES
+.Bl -tag -width indent
+.It Va security.bsd.see_other_uids
+must be non-zero if objects with unprivileged credentials are to be
+able to see each other.
+.El
+.Sh RETURN VALUES
+Ths function returns zero if the object with credential
+.Fa u1
+can
+.Dq see
+the object with credential
+.Fa u2 ,
+or
+.Er ESRCH
+otherwise.
+.Sh SEE ALSO
+.Xr cr_seeothergids 9 ,
+.Xr p_candebug 9
\ No newline at end of file
diff --git a/share/man/man9/p_candebug.9 b/share/man/man9/p_candebug.9
new file mode 100644
index 0000000..c611125
--- /dev/null
+++ b/share/man/man9/p_candebug.9
@@ -0,0 +1,132 @@
+.\"
+.\" Copyright (c) 2003 Joseph Koshy <jkoshy@freebsd.org>
+.\"
+.\" All rights reserved.
+.\"
+.\" This program is free software.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT,
+.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.Dd November 11, 2003
+.Os
+.Dt p_candebug 9
+.Sh NAME
+.Nm p_candebug
+.Nd determine debuggability of a process
+.Sh SYNOPSIS
+.In sys/proc.h
+.Ft int
+.Fn p_candebug "struct thread *td" "struct proc *p"
+.Sh DESCRIPTION
+This function can be used to determine if a given process
+.Fa p
+is debuggable by the thread
+.Fa td .
+.Sh SYSCTL TUNABLES
+The following
+.Xr sysctl 8
+tunables directly influence the behaviour of
+.Fn p_candebug :
+.Bl -tag -width indent
+.It Va kern.securelevel
+debugging of the init process is not allowed if this tunable is
+.Li 1
+or greater.
+.It Va security.bsd.unprivileged_proc_debug
+must be set to a non-zero value to allow unprivileged processes
+access to the kernel's debug facilities.
+.El
+.Sh RETURN VALUES
+.Fn p_candebug
+returns
+.Li 0
+if the process denoted by
+.Ar p
+is debuggable by thread
+.Ar td ,
+or a non-zero error return value otherwise.
+.Sh ERRORS
+.Bl -tag -width Er
+.It Bq Er EACCESS
+The MAC subsystem denied debuggability.
+.It Bq Er EAGAIN
+Process
+.Fa p
+is in the process of being
+.Fn exec Ns 'ed.
+.It Bq Er EPERM
+Thread
+.Fa td
+lacks super-user credentials and process
+.Fa p
+is executing a set-user-id or set-group-id executable.
+.It Bq Er EPERM
+Thread
+.Fa td
+lacks super-user credentials and process
+.Fa p Ns 's
+group set is not a subset of
+.Fa td Ns 's
+effective group set.
+.It Bq Er EPERM
+Thread
+.Fa td
+lacks super-user credentials and process
+.Fa p Ns 's
+user ids do not match thread
+.Fa td Ns 's
+effective user id.
+.It Bq Er EPERM
+Process
+.Fa p
+denotes the initial process
+.Fn initproc
+and the sysctl tunable
+.Va kern.securelevel
+is greater than zero.
+.It Bq Er ESRCH
+Process
+.Fa p
+is not visible to thread
+.Fa td
+as determined by
+.Xr cr_seeotheruids 9
+or
+.Xr cr_seeothergids 9 .
+.It Bq Er ESRCH
+Thread
+.Fa td
+has been jailed and process
+.Fa p
+does not belong to the same jail as
+.Fa td .
+.It Bq Er ESRCH
+The MAC subsystem denied debuggability.
+.El
+.Sh SEE ALSO
+.Xr intro 2 ,
+.Xr jail 2 ,
+.Xr sysctl 8 ,
+.Xr cr_seeotheruids 9 ,
+.Xr cr_seeothergids 9 ,
+.Xr mac 9 ,
+.Xr prison_check 9
diff --git a/share/man/man9/prison_check.9 b/share/man/man9/prison_check.9
new file mode 100644
index 0000000..1bade0b
--- /dev/null
+++ b/share/man/man9/prison_check.9
@@ -0,0 +1,60 @@
+.\"
+.\" Copyright (c) 2003 Joseph Koshy <jkoshy@freebsd.org>
+.\"
+.\" All rights reserved.
+.\"
+.\" This program is free software.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT,
+.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.Dd December 11, 2003
+.Os
+.Dt prison_check 9
+.Sh NAME
+.Nm prison_check
+.Nd determine if two credentials belong to the same jail
+.Sh SYNOPSIS
+.In sys/jail.h
+.Ft int
+.Fn prison_check "struct ucred *cred1" "struct ucred *cred2"
+.Sh DESCRIPTION
+This function can be used to determine if the two credentials
+.Fa cred1
+and
+.Fa cred2
+belong to the same jail.
+.Sh RETURN VALUES
+.Fn prison_check
+returns
+.Er ESRCH
+if
+.Fa cred1
+has been jailed, and
+.Fa cred1
+and
+.Fa cred2
+do not belong to the same jail.
+In all other cases,
+.Fn prison_check
+returns zero.
+.Sh SEE ALSO
+.Xr jail 2
\ No newline at end of file |