NAME

prison_check — determine if subjects may see entities according to jail restrictions

SYNOPSIS

#include <sys/jail.h>

int
prison_check(struct ucred *cred1, struct ucred *cred2);

DESCRIPTION

This function determines if a subject with credentials cred1 is denied access to subjects or objects with credentials cred2 according to the policy that a subject can see subjects or objects in its own jail or any sub-jail of it.

RETURN VALUES

The prison_check() function returns ESRCH if cred2 is not in the same jail or a sub-jail of that of cred1. In all other cases, prison_check() returns zero.

SEE ALSO

jail(2)