security(7): security.bsd.see*: Be more accurate

Reviewed by: mhorne, pauamma_gundo.com MFC after: 2 weeks Sponsored by: Kumacom SAS Differential Revision: https://reviews.freebsd.org/D41108 (cherry picked from commit 61b6e00bee)
2026-06-09 00:32:25 -04:00 · 2023-08-18 01:54:48 +02:00 · 2023-08-18 01:54:48 +02:00 · 4a85852519
commit 4a85852519
parent b6b76c1c09
1 changed files with 5 additions and 3 deletions
--- a/share/man/man7/security.7
+++ b/share/man/man7/security.7
@ -959,16 +959,18 @@ Backwards compatibility shims for the interim sysctls under
 will not be added.
 .Bl -tag -width security.bsd.unprivileged_proc_debug
 .It Dv security.bsd.see_other_uids
-Controls visibility of processes owned by different uid.
+Controls visibility and reachability of subjects (e.g., processes) and objects
+(e.g., sockets) owned by a different uid.
 The knob directly affects the
 .Dv kern.proc
 sysctls filtering of data, which results in restricted output from
 utilities like
 .Xr ps 1 .
 .It Dv security.bsd.see_other_gids
-Same, for processes owned by different gid.
+Same, for subjects and objects owned by a different gid.
 .It Dv security.bsd.see_jail_proc
-Same, for processes belonging to a jail.
+Same, for subjects and objects belonging to a different jail, including
+sub-jails.
 .It Dv security.bsd.conservative_signals
 When enabled, unprivileged users are only allowed to send job control
 and usual termination signals like