6229 manpages about privileges are out of date wrt basicset and new p…

…rivs in it Reviewed by: Robert Mustacchi <rm@joyent.com> Reviewed by: Jerry Jelinek <jerry.jelinek@joyent.com> Reviewed by: Josef 'Jeff' Sipek <jeffpc@josefsipek.net> Approved by: Dan McDonald <danmcd@omniti.com>
illumos · Sep 30, 2015 · 8cee14c · 8cee14c
1 parent adb2613
commit 8cee14c
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 14 deletions.
diff --git a/usr/src/man/man3c/priv_addset.3c b/usr/src/man/man3c/priv_addset.3c
@@ -3,11 +3,12 @@
 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
 .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
 .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
-.TH PRIV_ADDSET 3C "Jan 28, 2005"
+.TH PRIV_ADDSET 3C "Sep 08, 2015"
 .SH NAME
 priv_addset, priv_allocset, priv_copyset, priv_delset, priv_emptyset,
-priv_fillset, priv_freeset, priv_intersect, priv_inverse, priv_isemptyset,
-priv_isequalset, priv_isfullset, priv_ismember, priv_issubset, priv_union \-
+priv_basicset, priv_fillset, priv_freeset, priv_intersect, priv_inverse,
+priv_isemptyset, priv_isequalset, priv_isfullset, priv_ismember,
+priv_issubset, priv_union \-
 privilege set manipulation functions
 .SH SYNOPSIS
 .LP
@@ -37,6 +38,11 @@ privilege set manipulation functions
 \fBvoid\fR \fBpriv_emptyset\fR(\fBpriv_set_t *\fR\fIsp\fR);
 .fi
 
+.LP
+.nf
+\fBvoid\fR \fBpriv_basicset\fR(\fBpriv_set_t *\fR\fIsp\fR);
+.fi
+
 .LP
 .nf
 \fBvoid\fR \fBpriv_fillset\fR(\fBpriv_set_t *\fR\fIsp\fR);
@@ -88,7 +94,6 @@ privilege set manipulation functions
 .fi
 
 .SH DESCRIPTION
-.sp
 .LP
 The \fIsp\fR, \fIsrc\fR, and \fIdst\fR arguments point to privilege sets. The
 \fIpriv\fR argument points to a named privilege.
@@ -114,6 +119,9 @@ The \fBpriv_delset()\fR function removes the named privilege \fIpriv\fR from
 The \fBpriv_emptyset()\fR function clears all privileges from \fIsp\fR.
 .sp
 .LP
+The \fBpriv_basicset()\fR function copies the basic privilege set to \fIsp\fR.
+.sp
+.LP
 The \fBpriv_fillset()\fR function asserts all privileges in \fIsp\fR, including
 the privileges not currently defined in the system.
 .sp
@@ -154,7 +162,6 @@ The \fBpriv_issubset()\fR function checks whether \fIsrc\fR is a subset of
 The \fBpriv_union()\fR function takes the union of \fIsrc\fR and \fIdst\fR and
 places the result in \fIdst\fR.
 .SH RETURN VALUES
-.sp
 .LP
 Upon successful completion, \fBpriv_allocset()\fR returns a pointer to an
 opaque data structure. It returns \fINULL\fR if memory allocation fails and
@@ -169,7 +176,6 @@ return \fBB_TRUE\fR. Otherwise, they return \fBB_FALSE\fR.
 Upon successful completion, \fBpriv_delset()\fR and \fBpriv_addset()\fR return
 0. Otherwise, they return -1 and set \fBerrno\fR to indicate the error.
 .SH ERRORS
-.sp
 .LP
 The \fBpriv_allocset()\fR function will fail if:
 .sp
@@ -205,7 +211,6 @@ The privilege argument is not a valid privilege name.
 .RE
 
 .SH ATTRIBUTES
-.sp
 .LP
 See \fBattributes\fR(5) for descriptions of the following attributes:
 .sp
@@ -223,12 +228,10 @@ MT-Level	MT-Safe
 .TE
 
 .SH SEE ALSO
-.sp
 .LP
 \fBsetppriv\fR(2), \fBmalloc\fR(3C), \fBpriv_str_to_set\fR(3C),
 \fBattributes\fR(5), \fBprivileges\fR(5)
 .SH NOTES
-.sp
 .LP
 The functions that compare sets operate on all bits of the set, regardless of
 whether the specific privileges are currently defined in the system.
diff --git a/usr/src/man/man5/privileges.5 b/usr/src/man/man5/privileges.5
@@ -4,7 +4,7 @@
 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.
 .\"  See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with
 .\" the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
-.TH PRIVILEGES 5 "Feb 3, 2015"
+.TH PRIVILEGES 5 "Sep 8, 2015"
 .SH NAME
 privileges \- process privilege model
 .SH DESCRIPTION
@@ -235,7 +235,9 @@ modify that file's or directory's permission bits or ACL.
 .ad
 .sp .6
 .RS 4n
-Allow a process to read objects in the filesystem.
+Allow a process to open objects in the filesystem for reading. This
+privilege is not necessary to read from an already open file which was opened
+before dropping the \fBPRIV_FILE_READ\fR privilege.
 .RE
 
 .sp
@@ -275,7 +277,9 @@ Extensions.
 .ad
 .sp .6
 .RS 4n
-Allow a process to modify objects in the filesytem.
+Allow a process to open objects in the filesytem for writing, or otherwise
+modify them. This privilege is not necessary to write to an already open file
+which was opened before dropping the \fBPRIV_FILE_WRITE\fR privilege.
 .RE
 
 .sp
@@ -344,7 +348,9 @@ Segment.
 .ad
 .sp .6
 .RS 4n
-Allow a process to open a TCP, UDP, SDP, or SCTP network endpoint.
+Allow a process to open a TCP, UDP, SDP, or SCTP network endpoint. This
+privilege is not necessary to communicate using an existing endpoint already
+opened before dropping the \fBPRIV_NET_ACCESS\fR privilege.
 .RE
 
 .sp
@@ -1057,7 +1063,8 @@ x86 platforms.
 .sp
 .LP
 Of the privileges listed above, the privileges \fBPRIV_FILE_LINK_ANY\fR,
-\fBPRIV_PROC_INFO\fR, \fBPRIV_PROC_SESSION\fR, \fBPRIV_PROC_FORK\fR and
+\fBPRIV_PROC_INFO\fR, \fBPRIV_PROC_SESSION\fR, \fBPRIV_PROC_FORK\fR,
+\fBPRIV_FILE_READ\fR, \fBPRIV_FILE_WRITE\fR, \fBPRIV_NET_ACCESS\fR and
 \fBPRIV_PROC_EXEC\fR are considered "basic" privileges. These are privileges
 that used to be always available to unprivileged processes. By default,
 processes still have the basic privileges.