diff options
| author | Laurent Bercot <ska-skaware@skarnet.org> | 2019-02-04 19:04:05 +0000 |
|---|---|---|
| committer | Laurent Bercot <ska-skaware@skarnet.org> | 2019-02-04 19:04:05 +0000 |
| commit | e910005b1a337093109af29c7bf21b32c343ab56 (patch) | |
| tree | 6b3326d5827211c99f858a56e2d4c86307e429d5 /doc/libs6 | |
| parent | fb6877e47d8a60b1e00ea55b2203589a43a610d0 (diff) | |
| download | s6-e910005b1a337093109af29c7bf21b32c343ab56.tar.xz | |
Revert -I, but add uid/self and gid/self to uidgid accessrules checking
Diffstat (limited to 'doc/libs6')
| -rw-r--r-- | doc/libs6/accessrules.html | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/doc/libs6/accessrules.html b/doc/libs6/accessrules.html index 821575d..2360cfc 100644 --- a/doc/libs6/accessrules.html +++ b/doc/libs6/accessrules.html @@ -124,10 +124,17 @@ is not S6_ACCESSRULES_NOTFOUND. If no match can be found in the whole list, <a name="uidgid" /> <tt>s6_accessrules_keycheck_uidgid</tt> interprets <em>key</em> as a pointer to a structure containing an uid <em>u</em> and a gid <em>g</em>. -The function first looks -for a <tt>uid/<em>u</em></tt> match; if it cannot find one, it looks for a -<tt>gid/<em>g</em></tt> match. If it cannot find one either, it checks -<tt>uid/default</tt> and returns the result. </li> +The following checks are performed, in this order (i.e. subsequent +checks are not performed if a match is found): + <ul> + <li> If <em>u</em> is equal to the effective uid of the process, look +for a <tt>uid/self</tt> match. </li> + <li> Look for a <tt>uid/<em>u</em></tt> match. </li> + <li> If <em>g</em> is equal to the effective gid of the process, look +for a <tt>gid/self</tt> match. </li> + <li> Look for a <tt>gid/<em>g</em></tt> match. </li> + <li> Look for a <tt>uid/default</tt> match. </li> + </ul> </li> <li> <a name="reversedns" /> <tt>s6_accessrules_keycheck_reversedns</tt> interprets <em>key</em> |