git: 22e1db5995e6 - releng/14.0 - security(7): security.bsd.see*: Be more accurate

From: Mitchell Horne <mhorne_at_FreeBSD.org>
Date: Wed, 18 Oct 2023 18:03:59 UTC
The branch releng/14.0 has been updated by mhorne:

URL: https://cgit.FreeBSD.org/src/commit/?id=22e1db5995e605f8b99eba6779ae153e49557b5d

commit 22e1db5995e605f8b99eba6779ae153e49557b5d
Author:     Olivier Certner <olce.freebsd@certner.fr>
AuthorDate: 2023-08-17 23:54:48 +0000
Commit:     Mitchell Horne <mhorne@FreeBSD.org>
CommitDate: 2023-10-18 18:02:07 +0000

    security(7): security.bsd.see*: Be more accurate
    
    Approved by:            re (gjb)
    Reviewed by:            mhorne, pauamma_gundo.com
    Sponsored by:           Kumacom SAS
    Differential Revision:  https://reviews.freebsd.org/D41108
    
    (cherry picked from commit 61b6e00bee1d39e9c688e728fbf3a4efcdb61e66)
    (cherry picked from commit 74f2fb1778e815bfd982ca8a09f5b31dd93ccd0f)
---
 share/man/man7/security.7 | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/share/man/man7/security.7 b/share/man/man7/security.7
index ebe5e66e22af..a48e3607f0e5 100644
--- a/share/man/man7/security.7
+++ b/share/man/man7/security.7
@@ -959,16 +959,18 @@ Backwards compatibility shims for the interim sysctls under
 will not be added.
 .Bl -tag -width security.bsd.unprivileged_proc_debug
 .It Dv security.bsd.see_other_uids
-Controls visibility of processes owned by different uid.
+Controls visibility and reachability of subjects (e.g., processes) and objects
+(e.g., sockets) owned by a different uid.
 The knob directly affects the
 .Dv kern.proc
 sysctls filtering of data, which results in restricted output from
 utilities like
 .Xr ps 1 .
 .It Dv security.bsd.see_other_gids
-Same, for processes owned by different gid.
+Same, for subjects and objects owned by a different gid.
 .It Dv security.bsd.see_jail_proc
-Same, for processes belonging to a jail.
+Same, for subjects and objects belonging to a different jail, including
+sub-jails.
 .It Dv security.bsd.conservative_signals
 When enabled, unprivileged users are only allowed to send job control
 and usual termination signals like