Manual Page Search Parameters
CR_CANSEE(9) Kernel Developer's Manual CR_CANSEE(9)

cr_canseedetermine visibility of objects given their user credentials

#include <sys/proc.h>

int
cr_cansee(struct ucred *u1, struct ucred *u2);

This function determines if a subject with credential u1 can see a subject or object associated to credential u2.

Specific types of subjects may need to submit to additional or different restrictions. As an example, for processes, see p_cansee(9), which calls this function.

The implementation relies on cr_bsd_visible(9) and consequently the sysctl(8) variables referenced in its manual page influence the result.

This function returns zero if the subject with credential u1 can “see” the subject or object with credential u2, or ESRCH otherwise.

[]
The subject with credential u1 has been jailed and the subject or object with credential u2 does not belong to the same jail or one of its sub-jails, as determined by prison_check(9).
[]
The MAC subsystem denied visibility.
[]
cr_bsd_visible(9) denied visibility according to the BSD security policies in force.

cr_bsd_visible(9), mac(9), p_cansee(9), prison_check(9)

August 18, 2023 dev