Module Name: src Committed By: jym Date: Tue Nov 8 00:55:53 UTC 2011
Modified Files: src/share/man/man9: kauth.9 Log Message: Small improvements to kauth(9). To generate a diff of this commit: cvs rdiff -u -r1.91 -r1.92 src/share/man/man9/kauth.9 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/share/man/man9/kauth.9 diff -u src/share/man/man9/kauth.9:1.91 src/share/man/man9/kauth.9:1.92 --- src/share/man/man9/kauth.9:1.91 Thu Apr 28 12:22:35 2011 +++ src/share/man/man9/kauth.9 Tue Nov 8 00:55:53 2011 @@ -1,4 +1,4 @@ -.\" $NetBSD: kauth.9,v 1.91 2011/04/28 12:22:35 wiz Exp $ +.\" $NetBSD: kauth.9,v 1.92 2011/11/08 00:55:53 jym Exp $ .\" .\" Copyright (c) 2005, 2006 Elad Efrat <e...@netbsd.org> .\" All rights reserved. @@ -25,7 +25,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd August 10, 2009 +.Dd November 8, 2011 .Dt KAUTH 9 .Os .Sh NAME @@ -77,11 +77,21 @@ the requested operation, and possibly ot .Pp Every listener examines the passed information and returns its decision regarding the requested operation. -It can either allow, deny, or defer the operation -- in which case, the -decision is left to the other listeners. +It can either return: .Pp -For an operation to be allowed, all listeners must not return any deny -or defer decisions. +.Bl -tag -width KAUTH_RESULT_ALLOW -compact +.It Dv KAUTH_RESULT_ALLOW +The listener allows the operation. +.It Dv KAUTH_RESULT_DENY +The listener denies the operation. +.It Dv KAUTH_RESULT_DEFER +The listener defers the decision to other listeners. +.El +.Pp +For an operation to be allowed, at least one listener has to return +.Dv KAUTH_RESULT_ALLOW +while no other listener returned +.Dv KAUTH_RESULT_DENY . .Pp Scopes manage listeners that operate in the same aspect of the system. .Ss Kernel Programming Interface 
@@ -104,12 +114,14 @@ It is declared as .Ft int Fn kauth_authorize_action "kauth_scope_t scope" "kauth_cred_t cred" \ "kauth_action_t op" "void *arg0" "void *arg1" "void *arg2" "void *arg3" .Pp -An authorization request can return one of two possible values. -Zero indicates success -- the operation is allowed; -.Er EPERM -(see -.Xr errno 2 ) -indicates failure -- the operation is denied. +An authorization request can return one of two possible values: +.Bl -tag -width ".It Dv 0 Po zero Pc" -compact +.It Dv 0 Po zero Pc +indicates success; operation is allowed. +.It Dv EPERM +indicates failure; operation is denied. See +.Xr errno 2 . +.El .Pp Each scope has its own authorization wrapper, to make it easy to call from various places by eliminating the need to specify the scope and/or cast values.
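Review bot: In the listener-result hunk (the third hunk, `@@ -77,11 +77,21 @@`), "It can either return:" reads oddly as the lead-in to a three-item list; "either" pairs with two alternatives, so "It can return one of the following:" would fit the `.Bl -tag` list that follows. More importantly, the new rule "at least one listener has to return KAUTH_RESULT_ALLOW while no other listener returned KAUTH_RESULT_DENY" implies, but does not state, the fail-closed case: if every listener returns KAUTH_RESULT_DEFER the operation is denied. Since that default-deny behaviour is the security-relevant property of the scheme, spell it out with one sentence after the rule, e.g. "If all listeners defer, the operation is denied."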
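Review bot: In the `kauth_authorize_action` return-value hunk (`@@ -104,12 +114,14 @@`), the two list items drop the article and should read "indicates success; the operation is allowed." and "indicates failure; the operation is denied.", matching the wording that was removed. The `-width ".It Dv 0 Po zero Pc"` argument also embeds the `.It` macro name in the width string, which inflates the tag column; the conventional form measures only the tag text, e.g. `-width "0 (zero)"` or `-width EPERM`.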