Revert -I, but add uid/self and gid/self to uidgid accessrules checking

1 files changed, 11 insertions, 4 deletions

diff --git a/doc/libs6/accessrules.html b/doc/libs6/accessrules.html
index 821575d..2360cfc 100644
--- a/doc/libs6/accessrules.html
+++ b/doc/libs6/accessrules.html
@@ -124,10 +124,17 @@ is not S6_ACCESSRULES_NOTFOUND. If no match can be found in the whole list,
 <a name="uidgid" />
  <tt>s6_accessrules_keycheck_uidgid</tt> interprets <em>key</em> as a
 pointer to a structure containing an uid <em>u</em> and a gid <em>g</em>.
-The function first looks
-for a <tt>uid/<em>u</em></tt> match; if it cannot find one, it looks for a
-<tt>gid/<em>g</em></tt> match. If it cannot find one either, it checks
-<tt>uid/default</tt> and returns the result. </li>
+The following checks are performed, in this order (i.e. subsequent
+checks are not performed if a match is found):
+ <ul>
+  <li> If <em>u</em> is equal to the effective uid of the process, look
+for a <tt>uid/self</tt> match. </li>
+  <li> Look for a <tt>uid/<em>u</em></tt> match. </li>
+  <li> If <em>g</em> is equal to the effective gid of the process, look
+for a <tt>gid/self</tt> match. </li>
+  <li> Look for a <tt>gid/<em>g</em></tt> match. </li>
+  <li> Look for a <tt>uid/default</tt> match. </li>
+ </ul> </li>
  <li>
 <a name="reversedns" />
  <tt>s6_accessrules_keycheck_reversedns</tt> interprets <em>key</em>