The branch main has been updated by olce:
URL:
https://cgit.FreeBSD.org/src/commit/?id=94828b33803314b5c8e833b233ca6894a340aa88
commit 94828b33803314b5c8e833b233ca6894a340aa88
Author: Olivier Certner <o...@freebsd.org>
AuthorDate: 2025-06-11 23:07:49 +0000
Commit: Olivier Certner <o...@freebsd.org>
CommitDate: 2025-06-11 23:10:37 +0000
mac_do(4): Examples: Fix some descriptions and a typo
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
---
share/man/man4/mac_do.4 | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/share/man/man4/mac_do.4 b/share/man/man4/mac_do.4
index 4c067205225c..f64eae600436 100644
--- a/share/man/man4/mac_do.4
+++ b/share/man/man4/mac_do.4
@@ -348,12 +348,12 @@ Here are several examples of single rules matching
processes having a real user
ID of 10001:
.Bl -tag -width indent
.It Li uid=10001>uid=10002
-Allows the process to switch any of its real, effective or saved user ID to
+Allows the process to switch all of its real, effective or saved user ID to
10002, but keeping the groups it is already in, and with the same
primary/supplementary groups split.
.It Li uid=10001>uid=10002,uid=10003
Same as the first example, but also allows to switch to UID 10003 instead of
-10002.
+10002, or possibly having both in different user IDs.
.It Li uid=10001>uid=10002,gid=10002
Same as the first example, but the new primary groups must be set to 10002 and
no supplementary groups should be set.
@@ -387,7 +387,7 @@ group, allowing its members to switch to root without
password.
.It Li gid=10001>gid=10002
Allows the process to enter GID 10002 as a primary group, but only if
giving up all its supplementary groups.
-.It Li security.mac.do.rules=gid=10001>gid=10002,+gid=.\&
+.It Li gid=10001>gid=10002,+gid=.\&
Same as the previous example, but allows to retain any current supplementary
groups.
.It Li gid=10001>gid=10002,!gid=.\&
