author Olivier Certner <olce.freebsd@certner.fr> 2023-08-17 23:54:48 +0000
committer Mitchell Horne <mhorne@FreeBSD.org> 2023-09-28 15:05:47 +0000
commit 61b6e00bee1d39e9c688e728fbf3a4efcdb61e66 (patch)
tree 1109d104b793cc0a999227fdb2737d1a1e22b90a
parent 845b7c80887ac84c82ee776836ef86d68ea71c94 (diff)
security(7): security.bsd.see*: Be more accurate
Reviewed by: mhorne, pauamma_gundo.com
MFC after: 2 weeks
Sponsored by: Kumacom SAS
Differential Revision: https://reviews.freebsd.org/D41108
-rw-r--r-- share/man/man7/security.7 10
1 files changed, 6 insertions, 4 deletions
diff --git a/share/man/man7/security.7 b/share/man/man7/security.7
index 63b984ff66dd..6d6742fca0bb 100644
--- a/share/man/man7/security.7
+++ b/share/man/man7/security.7
@@ -26,7 +26,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd March 30, 2023
+.Dd August 18, 2023
.Dt SECURITY 7
.Os
.Sh NAME
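Review bot: The .Dd line is bumped to August 18, 2023, which matches the authoring timestamp, while the committer date on this change is 2023-09-28. If the manual page date is meant to reflect when the content change lands, refresh .Dd at commit time so the rendered page does not show a date about six weeks older than the commit that changed it.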
@@ -959,16 +959,18 @@ Backwards compatibility shims for the interim sysctls under
will not be added.
.Bl -tag -width security.bsd.unprivileged_proc_debug
.It Dv security.bsd.see_other_uids
-Controls visibility of processes owned by different uid.
+Controls visibility and reachability of subjects (e.g., processes) and objects
+(e.g., sockets) owned by a different uid.
The knob directly affects the
.Dv kern.proc
sysctls filtering of data, which results in restricted output from
utilities like
.Xr ps 1 .
.It Dv security.bsd.see_other_gids
-Same, for processes owned by different gid.
+Same, for subjects and objects owned by a different gid.
.It Dv security.bsd.see_jail_proc
-Same, for processes belonging to a jail.
+Same, for subjects and objects belonging to a different jail, including
+sub-jails.
.It Dv security.bsd.conservative_signals
When enabled, unprivileged users are only allowed to send job control
and usual termination signals like
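Review bot: In the security.bsd.see_other_uids entry, the new first sentence widens the scope to "visibility and reachability of subjects (e.g., processes) and objects (e.g., sockets)", but the unchanged sentence that follows still describes the effect only through the kern.proc sysctls and ps(1). A reader cannot tell from this text what "reachability" covers or how the knob shows up for non-process objects. Suggest introducing the kern.proc sentence with "For example," or adding one sentence on what is restricted for objects such as sockets. Since the see_other_gids and see_jail_proc entries both start with "Same,", tightening the first entry clarifies all three.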