From f6f7a9848e27fbc1748aec9264e58a2aeaf736db Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 23 Jun 2015 20:42:57 +0200
Subject: man: fully document sd_bus_creds subsystem

[@zonque: typo fixed, reported by @ronnychevalier]
---
 Makefile-man.am                   |  10 +++
 man/sd_bus_creds_get_pid.xml      |  59 ++++++++++-----
 man/sd_bus_creds_new_from_pid.xml | 150 ++++++++++++++++++++++++++------------
 3 files changed, 154 insertions(+), 65 deletions(-)

diff --git a/Makefile-man.am b/Makefile-man.am
index 35874e0b84..950207bd4e 100644
--- a/Makefile-man.am
+++ b/Makefile-man.am
@@ -227,6 +227,7 @@ MANPAGES_ALIAS += \
 	man/reboot.8 \
 	man/sd_bus_creds_get_audit_login_uid.3 \
 	man/sd_bus_creds_get_audit_session_id.3 \
+	man/sd_bus_creds_get_augmented_mask.3 \
 	man/sd_bus_creds_get_cgroup.3 \
 	man/sd_bus_creds_get_cmdline.3 \
 	man/sd_bus_creds_get_comm.3 \
@@ -252,6 +253,7 @@ MANPAGES_ALIAS += \
 	man/sd_bus_creds_get_uid.3 \
 	man/sd_bus_creds_get_unique_name.3 \
 	man/sd_bus_creds_get_unit.3 \
+	man/sd_bus_creds_get_user_slice.3 \
 	man/sd_bus_creds_get_user_unit.3 \
 	man/sd_bus_creds_get_well_known_names.3 \
 	man/sd_bus_creds_has_bounding_cap.3 \
@@ -511,6 +513,7 @@ man/poweroff.8: man/halt.8
 man/reboot.8: man/halt.8
 man/sd_bus_creds_get_audit_login_uid.3: man/sd_bus_creds_get_pid.3
 man/sd_bus_creds_get_audit_session_id.3: man/sd_bus_creds_get_pid.3
+man/sd_bus_creds_get_augmented_mask.3: man/sd_bus_creds_new_from_pid.3
 man/sd_bus_creds_get_cgroup.3: man/sd_bus_creds_get_pid.3
 man/sd_bus_creds_get_cmdline.3: man/sd_bus_creds_get_pid.3
 man/sd_bus_creds_get_comm.3: man/sd_bus_creds_get_pid.3
@@ -536,6 +539,7 @@ man/sd_bus_creds_get_tty.3: man/sd_bus_creds_get_pid.3
 man/sd_bus_creds_get_uid.3: man/sd_bus_creds_get_pid.3
 man/sd_bus_creds_get_unique_name.3: man/sd_bus_creds_get_pid.3
 man/sd_bus_creds_get_unit.3: man/sd_bus_creds_get_pid.3
+man/sd_bus_creds_get_user_slice.3: man/sd_bus_creds_get_pid.3
 man/sd_bus_creds_get_user_unit.3: man/sd_bus_creds_get_pid.3
 man/sd_bus_creds_get_well_known_names.3: man/sd_bus_creds_get_pid.3
 man/sd_bus_creds_has_bounding_cap.3: man/sd_bus_creds_get_pid.3
@@ -925,6 +929,9 @@ man/sd_bus_creds_get_audit_login_uid.html: man/sd_bus_creds_get_pid.html
 man/sd_bus_creds_get_audit_session_id.html: man/sd_bus_creds_get_pid.html
 	$(html-alias)
 
+man/sd_bus_creds_get_augmented_mask.html: man/sd_bus_creds_new_from_pid.html
+	$(html-alias)
+
 man/sd_bus_creds_get_cgroup.html: man/sd_bus_creds_get_pid.html
 	$(html-alias)
 
@@ -1000,6 +1007,9 @@ man/sd_bus_creds_get_unique_name.html: man/sd_bus_creds_get_pid.html
 man/sd_bus_creds_get_unit.html: man/sd_bus_creds_get_pid.html
 	$(html-alias)
 
+man/sd_bus_creds_get_user_slice.html: man/sd_bus_creds_get_pid.html
+	$(html-alias)
+
 man/sd_bus_creds_get_user_unit.html: man/sd_bus_creds_get_pid.html
 	$(html-alias)
 
diff --git a/man/sd_bus_creds_get_pid.xml b/man/sd_bus_creds_get_pid.xml
index 13f885cd5d..4162fab065 100644
--- a/man/sd_bus_creds_get_pid.xml
+++ b/man/sd_bus_creds_get_pid.xml
@@ -61,8 +61,9 @@
     <refname>sd_bus_creds_get_cmdline</refname>
     <refname>sd_bus_creds_get_cgroup</refname>
     <refname>sd_bus_creds_get_unit</refname>
-    <refname>sd_bus_creds_get_user_unit</refname>
     <refname>sd_bus_creds_get_slice</refname>
+    <refname>sd_bus_creds_get_user_unit</refname>
+    <refname>sd_bus_creds_get_user_slice</refname>
     <refname>sd_bus_creds_get_session</refname>
     <refname>sd_bus_creds_get_owner_uid</refname>
     <refname>sd_bus_creds_has_effective_cap</refname>
@@ -192,6 +193,12 @@
         <paramdef>const char **<parameter>unit</parameter></paramdef>
       </funcprototype>
 
+      <funcprototype>
+        <funcdef>int <function>sd_bus_creds_get_slice</function></funcdef>
+        <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
+        <paramdef>const char **<parameter>slice</parameter></paramdef>
+      </funcprototype>
+
       <funcprototype>
         <funcdef>int <function>sd_bus_creds_get_user_unit</function></funcdef>
         <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
@@ -199,7 +206,7 @@
       </funcprototype>
 
       <funcprototype>
-        <funcdef>int <function>sd_bus_creds_get_slice</function></funcdef>
+        <funcdef>int <function>sd_bus_creds_get_user_slice</function></funcdef>
         <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
         <paramdef>const char **<parameter>slice</parameter></paramdef>
       </funcprototype>
@@ -288,9 +295,9 @@
   <refsect1>
     <title>Description</title>
 
-    <para>These functions return information from an
-    <parameter>sd_bus_creds</parameter> credential object. Credential
-    objects may be created with
+    <para>These functions return credential information from an
+    <parameter>sd_bus_creds</parameter> object. Credential objects may
+    be created with
     <citerefentry><refentrytitle>sd_bus_creds_new_from_pid</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
     in which case they describe the credentials of the process
     identified by the specified PID, with
@@ -301,7 +308,13 @@
     in which case they describe the credentials of the creator of a
     bus, or with
     <citerefentry><refentrytitle>sd_bus_message_get_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-    in which case they describe the credentials of the sender of the message.</para>
+    in which case they describe the credentials of the sender of the
+    message.</para>
+
+    <para>Not all credential fields are part of every
+    <literal>sd_bus_creds</literal> object. Use
+    <citerefentry><refentrytitle>sd_bus_creds_get_mask</refentrytitle><manvolnum>3</manvolnum></citerefentry>
+    to determine the mask of fields available.</para>
 
     <para><function>sd_bus_creds_get_pid()</function> will retrieve
     the PID (process identifier). Similar,
@@ -374,19 +387,22 @@
     <para><function>sd_bus_creds_get_slice()</function> will retrieve
     the systemd slice (a unit in the system instance of systemd) that
     the process is part of. See
-    <citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
+    <citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>. Similar,
+    <function>sd_bus_creds_get_user_slice()</function> retrieves the
+    systemd slice of the process, in the user instance of systemd.
     </para>
 
     <para><function>sd_bus_creds_get_session()</function> will
-    retrieve the logind session that the process is part of. See
+    retrieve the identifier of the login session that the process is
+    part of. See
     <citerefentry><refentrytitle>systemd-logind.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>. For
     processes that are not part of a session returns -ENXIO.
     </para>
 
     <para><function>sd_bus_creds_get_owner_uid()</function> will
     retrieve the numeric UID (user identifier) of the user who owns
-    the session that the process is part of. See
-    <citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+    the login session that the process is part of. See
+    <citerefentry><refentrytitle>systemd-logind.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
     For processes that are not part of a session returns -ENXIO.
     </para>
 
@@ -395,7 +411,7 @@
     <parameter>capability</parameter> was set in the effective
     capabilities mask. A positive return value means that is was
     set, zero means that it was not set, and a negative return
-    value signifies an error. See
+    value indicates an error. See
     <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
     and <varname>Capabilities=</varname> and
     <varname>CapabilityBoundingSet=</varname> settings in
@@ -427,8 +443,8 @@
     processes that are not part of an audit session.</para>
 
     <para><function>sd_bus_creds_get_tty()</function> will retrieve
-    the controlling TTY. Returns -ENXIO for processes that have no
-    controlling TTY.</para>
+    the controlling TTY, without the prefixing "/dev/". Returns -ENXIO
+    for processes that have no controlling TTY.</para>
 
     <para><function>sd_bus_creds_get_unique_name()</function> will
     retrieve the D-Bus unique name. See <ulink
@@ -489,8 +505,9 @@
         <listitem><para>Given field is not specified for the described
         process or peer. This will be returned by
         <function>sd_bus_get_unit()</function>,
-        <function>sd_bus_get_user_unit()</function>,
         <function>sd_bus_get_slice()</function>,
+        <function>sd_bus_get_user_unit()</function>,
+        <function>sd_bus_get_user_slice()</function>,
         <function>sd_bus_get_session()</function>, and
         <function>sd_bus_get_owner_uid()</function> if the process is
         not part of a systemd system unit, systemd user unit, systemd
@@ -526,10 +543,11 @@
   <refsect1>
     <title>Notes</title>
 
-    <para><function>sd_bus_open_user()</function> and other functions
-    described here are available as a shared library, which can be
-    compiled and linked to with the
-    <constant>libsystemd</constant> <citerefentry project='die-net'><refentrytitle>pkg-config</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+    <para><function>sd_bus_creds_get_pid()</function> and the other
+    functions described here are available as a shared library, which
+    can be compiled and linked to with the
+    <constant>libsystemd</constant> <citerefentry
+    project='die-net'><refentrytitle>pkg-config</refentrytitle><manvolnum>1</manvolnum></citerefentry>
     file.</para>
   </refsect1>
 
@@ -539,8 +557,9 @@
     <para>
       <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
       <citerefentry><refentrytitle>sd-bus</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-      <citerefentry><refentrytitle>fork</refentrytitle><manvolnum>2</manvolnum></citerefentry>,
-      <citerefentry><refentrytitle>execve</refentrytitle><manvolnum>2</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>sd_bus_creds_new_from_pid</refentrytitle><manvolnum>2</manvolnum></citerefentry>,
+      <citerefentry project='man-pages'><refentrytitle>fork</refentrytitle><manvolnum>2</manvolnum></citerefentry>,
+      <citerefentry project='man-pages'><refentrytitle>execve</refentrytitle><manvolnum>2</manvolnum></citerefentry>,
       <citerefentry project='man-pages'><refentrytitle>credentials</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
       <citerefentry project='man-pages'><refentrytitle>free</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
       <citerefentry project='man-pages'><refentrytitle>proc</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
diff --git a/man/sd_bus_creds_new_from_pid.xml b/man/sd_bus_creds_new_from_pid.xml
index 8c054a5905..a78d3f5717 100644
--- a/man/sd_bus_creds_new_from_pid.xml
+++ b/man/sd_bus_creds_new_from_pid.xml
@@ -45,6 +45,7 @@
   <refnamediv>
     <refname>sd_bus_creds_new_from_pid</refname>
     <refname>sd_bus_creds_get_mask</refname>
+    <refname>sd_bus_creds_get_augmented_mask</refname>
     <refname>sd_bus_creds_ref</refname>
     <refname>sd_bus_creds_unref</refname>
 
@@ -67,6 +68,11 @@
         <paramdef>const sd_bus_creds *<parameter>c</parameter></paramdef>
       </funcprototype>
 
+      <funcprototype>
+        <funcdef>uint64_t <function>sd_bus_creds_get_augmented_mask</function></funcdef>
+        <paramdef>const sd_bus_creds *<parameter>c</parameter></paramdef>
+      </funcprototype>
+
       <funcprototype>
         <funcdef>sd_bus_creds *<function>sd_bus_creds_ref</function></funcdef>
         <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
@@ -80,17 +86,26 @@
 
     <para>
       <constant>SD_BUS_CREDS_PID</constant>,
+      <constant>SD_BUS_CREDS_PPID</constant>,
       <constant>SD_BUS_CREDS_TID</constant>,
       <constant>SD_BUS_CREDS_UID</constant>,
+      <constant>SD_BUS_CREDS_EUID</constant>,
+      <constant>SD_BUS_CREDS_SUID</constant>,
+      <constant>SD_BUS_CREDS_FSUID</constant>,
       <constant>SD_BUS_CREDS_GID</constant>,
+      <constant>SD_BUS_CREDS_EGID</constant>,
+      <constant>SD_BUS_CREDS_SGID</constant>,
+      <constant>SD_BUS_CREDS_FSGID</constant>,
+      <constant>SD_BUS_CREDS_SUPPLEMENTARY_GIDS</constant>,
       <constant>SD_BUS_CREDS_COMM</constant>,
       <constant>SD_BUS_CREDS_TID_COMM</constant>,
       <constant>SD_BUS_CREDS_EXE</constant>,
       <constant>SD_BUS_CREDS_CMDLINE</constant>,
       <constant>SD_BUS_CREDS_CGROUP</constant>,
       <constant>SD_BUS_CREDS_UNIT</constant>,
-      <constant>SD_BUS_CREDS_USER_UNIT</constant>,
       <constant>SD_BUS_CREDS_SLICE</constant>,
+      <constant>SD_BUS_CREDS_USER_UNIT</constant>,
+      <constant>SD_BUS_CREDS_USER_SLICE</constant>,
       <constant>SD_BUS_CREDS_SESSION</constant>,
       <constant>SD_BUS_CREDS_OWNER_UID</constant>,
       <constant>SD_BUS_CREDS_EFFECTIVE_CAPS</constant>,
@@ -100,8 +115,11 @@
       <constant>SD_BUS_CREDS_SELINUX_CONTEXT</constant>,
       <constant>SD_BUS_CREDS_AUDIT_SESSION_ID</constant>,
       <constant>SD_BUS_CREDS_AUDIT_LOGIN_UID</constant>,
+      <constant>SD_BUS_CREDS_TTY</constant>,
       <constant>SD_BUS_CREDS_UNIQUE_NAME</constant>,
       <constant>SD_BUS_CREDS_WELL_KNOWN_NAMES</constant>,
+      <constant>SD_BUS_CREDS_DESCRIPTION</constant>,
+      <constant>SD_BUS_CREDS_AUGMENT</constant>,
       <constant>_SD_BUS_CREDS_ALL</constant>
     </para>
   </refsynopsisdiv>
@@ -109,25 +127,39 @@
   <refsect1>
     <title>Description</title>
 
-    <para><function>sd_bus_creds_new_from_pid()</function> creates a new
-    credentials object and fills it with information about the process
-    <parameter>pid</parameter>. This pointer to this object will
-    be stored in <parameter>ret</parameter> pointer.</para>
+    <para><function>sd_bus_creds_new_from_pid()</function> creates a
+    new credentials object and fills it with information about the
+    process <parameter>pid</parameter>. The pointer to this object
+    will be stored in <parameter>ret</parameter> pointer. Note that
+    credential objects may also be created and retrieved via
+    <citerefentry><refentrytitle>sd_bus_get_name_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
+    <citerefentry><refentrytitle>sd_bus_get_owner_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>
+    and
+    <citerefentry><refentrytitle>sd_bus_message_get_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>.</para>
 
     <para>The information that will be stored is determined by
     <parameter>creds_mask</parameter>. It may contain a subset of ORed
     constants <constant>SD_BUS_CREDS_PID</constant>,
+    <constant>SD_BUS_CREDS_PPID</constant>,
     <constant>SD_BUS_CREDS_TID</constant>,
     <constant>SD_BUS_CREDS_UID</constant>,
+    <constant>SD_BUS_CREDS_EUID</constant>,
+    <constant>SD_BUS_CREDS_SUID</constant>,
+    <constant>SD_BUS_CREDS_FSUID</constant>,
     <constant>SD_BUS_CREDS_GID</constant>,
+    <constant>SD_BUS_CREDS_EGID</constant>,
+    <constant>SD_BUS_CREDS_SGID</constant>,
+    <constant>SD_BUS_CREDS_FSGID</constant>,
+    <constant>SD_BUS_CREDS_SUPPLEMENTARY_GIDS</constant>,
     <constant>SD_BUS_CREDS_COMM</constant>,
     <constant>SD_BUS_CREDS_TID_COMM</constant>,
     <constant>SD_BUS_CREDS_EXE</constant>,
     <constant>SD_BUS_CREDS_CMDLINE</constant>,
     <constant>SD_BUS_CREDS_CGROUP</constant>,
     <constant>SD_BUS_CREDS_UNIT</constant>,
-    <constant>SD_BUS_CREDS_USER_UNIT</constant>,
     <constant>SD_BUS_CREDS_SLICE</constant>,
+    <constant>SD_BUS_CREDS_USER_UNIT</constant>,
+    <constant>SD_BUS_CREDS_USER_SLICE</constant>,
     <constant>SD_BUS_CREDS_SESSION</constant>,
     <constant>SD_BUS_CREDS_OWNER_UID</constant>,
     <constant>SD_BUS_CREDS_EFFECTIVE_CAPS</constant>,
@@ -137,34 +169,71 @@
     <constant>SD_BUS_CREDS_SELINUX_CONTEXT</constant>,
     <constant>SD_BUS_CREDS_AUDIT_SESSION_ID</constant>,
     <constant>SD_BUS_CREDS_AUDIT_LOGIN_UID</constant>,
+    <constant>SD_BUS_CREDS_TTY</constant>,
     <constant>SD_BUS_CREDS_UNIQUE_NAME</constant>,
     <constant>SD_BUS_CREDS_WELL_KNOWN_NAMES</constant>,
-    or <constant>_SD_BUS_CREDS_ALL</constant> to indicate
-    all known fields.</para>
+    <constant>SD_BUS_CREDS_DESCRIPTION</constant>. Use the special
+    value <constant>_SD_BUS_CREDS_ALL</constant> to request all
+    supported fields. The <constant>SD_BUS_CREDS_AUGMENT</constant>
+    may not be ORed into the mask for invocations of
+    <function>sd_bus_creds_new_from_pid()</function>.</para>
 
     <para>Fields can be retrieved from the credentials object using
     <citerefentry><refentrytitle>sd_bus_creds_get_pid</refentrytitle><manvolnum>3</manvolnum></citerefentry>
     and other functions which correspond directly to the constants
     listed above.</para>
 
-    <para>A mask of fields which were actually successfully set
-    (acquired from <filename>/proc</filename>, etc.) can be retrieved
-    with <function>sd_bus_creds_get_mask()</function>. If the
-    credentials object was created with
+    <para>A mask of fields which were actually successfully retrieved
+    can be retrieved with
+    <function>sd_bus_creds_get_mask()</function>. If the credentials
+    object was created with
     <function>sd_bus_creds_new_from_pid()</function>, this will be a
     subset of fields requested in <parameter>creds_mask</parameter>.
     </para>
 
-    <para><function>sd_bus_creds_ref</function> creates a new
+    <para>Similar to <function>sd_bus_creds_get_mask()</function> the
+    function <function>sd_bus_creds_get_augmented_mask()</function>
+    returns a bitmask of field constants. The mask indicates which
+    credential fields have been retrieved in a non-atomic fashion. For
+    credential objects created via
+    <function>sd_bus_creds_new_from_pid()</function> this mask will be
+    identical to the mask returned by
+    <function>sd_bus_creds_get_mask()</function>. However, for
+    credential objects retrieved via
+    <function>sd_bus_get_name_creds()</function> this mask will be set
+    for the credential fields that could not be determined atomically
+    at peer connection time, and which were later added by reading
+    augmenting credential data from
+    <filename>/proc</filename>. Similar, for credential objects
+    retrieved via <function>sd_bus_get_owner_creds()</function> the
+    mask is set for the fields that could not be determined atomically
+    at bus creation time, but have been augmented. Similar, for
+    credential objects retrieved via
+    <function>sd_bus_message_get_creds()</function> the mask is set
+    for the fields that could not be determined atomically at message
+    send time, but have been augmented. The mask returned by
+    <function>sd_bus_creds_get_augmented_mask()</function> is always a
+    subset of (or identical to) the mask returned by
+    <function>sd_bus_creds_get_mask()</function> for the same
+    object. The latter call hence returns all credential fields
+    available in the credential object, the former then marks the
+    subset of those that have been augmented. Note that augmented
+    fields are unsuitable for authorization decisions as they may be
+    retrieved at different times, thus being subject to races. Hence
+    augmented fields should be used exclusively for informational
+    purposes.
+    </para>
+
+    <para><function>sd_bus_creds_ref()</function> creates a new
     reference to the credentials object <parameter>c</parameter>. This
     object will not be destroyed until
-    <function>sd_bus_creds_unref</function> has been called as many
+    <function>sd_bus_creds_unref()</function> has been called as many
     times plus once more. Once the reference count has dropped to zero,
     <parameter>c</parameter> cannot be used anymore, so further
     calls to <function>sd_bus_creds_ref(c)</function> or
     <function>sd_bus_creds_unref(c)</function> are illegal.</para>
 
-    <para><function>sd_bus_creds_unref</function> destroys a reference
+    <para><function>sd_bus_creds_unref()</function> destroys a reference
     to <parameter>c</parameter>.</para>
   </refsect1>
 
@@ -178,10 +247,15 @@
     <para><function>sd_bus_creds_get_mask()</function> returns the
     mask of successfully acquired fields.</para>
 
-    <para><function>sd_bus_creds_ref</function> always returns the
+    <para><function>sd_bus_creds_get_augmented_mask()</function>
+    returns the mask of fields that have been augmented from data in
+    <filename>/proc</filename>, and are thus not suitable for
+    authorization decisions.</para>
+
+    <para><function>sd_bus_creds_ref()</function> always returns the
     argument.</para>
 
-    <para><function>sd_bus_creds_unref</function> always returns
+    <para><function>sd_bus_creds_unref()</function> always returns
     <constant>NULL</constant>.</para>
   </refsect1>
 
@@ -222,16 +296,23 @@
 
         <listitem><para>Memory allocation failed.</para></listitem>
       </varlistentry>
+
+      <varlistentry>
+        <term><constant>-EOPNOTSUPP</constant></term>
+
+        <listitem><para>One of the requested fields is unknown to the local system.</para></listitem>
+      </varlistentry>
     </variablelist>
   </refsect1>
 
   <refsect1>
     <title>Notes</title>
 
-    <para><function>sd_bus_creds_new_from_pid()</function> is
-    available as a shared library, which can be compiled and linked to
-    with the
-    <constant>libsystemd</constant> <citerefentry project='die-net'><refentrytitle>pkg-config</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+    <para><function>sd_bus_creds_new_from_pid()</function> and the
+    other calls described here are available as a shared library,
+    which can be compiled and linked to with the
+    <constant>libsystemd</constant> <citerefentry
+    project='die-net'><refentrytitle>pkg-config</refentrytitle><manvolnum>1</manvolnum></citerefentry>
     file.</para>
   </refsect1>
 
@@ -241,31 +322,10 @@
     <para>
       <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
       <citerefentry><refentrytitle>sd-bus</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-      <citerefentry><refentrytitle>sd_bus_creds_ref</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-      <citerefentry><refentrytitle>sd_bus_creds_unref</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
       <citerefentry><refentrytitle>sd_bus_creds_get_pid</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-      <citerefentry><refentrytitle>sd_bus_creds_get_tid</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-      <citerefentry><refentrytitle>sd_bus_creds_get_uid</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-      <citerefentry><refentrytitle>sd_bus_creds_get_gid</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-      <citerefentry><refentrytitle>sd_bus_creds_get_comm</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-      <citerefentry><refentrytitle>sd_bus_creds_get_tid_comm</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-      <citerefentry><refentrytitle>sd_bus_creds_get_exe</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-      <citerefentry><refentrytitle>sd_bus_creds_get_cmdline</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-      <citerefentry><refentrytitle>sd_bus_creds_get_cgroup</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-      <citerefentry><refentrytitle>sd_bus_creds_get_unit</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-      <citerefentry><refentrytitle>sd_bus_creds_get_user_unit</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-      <citerefentry><refentrytitle>sd_bus_creds_get_slice</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-      <citerefentry><refentrytitle>sd_bus_creds_get_session</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-      <citerefentry><refentrytitle>sd_bus_creds_get_owner_uid</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-      <citerefentry><refentrytitle>sd_bus_creds_has_effective_cap</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-      <citerefentry><refentrytitle>sd_bus_creds_has_permitted_cap</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-      <citerefentry><refentrytitle>sd_bus_creds_has_inheritable_cap</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-      <citerefentry><refentrytitle>sd_bus_creds_has_bounding_cap</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-      <citerefentry><refentrytitle>sd_bus_creds_get_selinux_context</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-      <citerefentry><refentrytitle>sd_bus_creds_get_audit_session_id</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-      <citerefentry><refentrytitle>sd_bus_creds_get_audit_login_uid</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-      <citerefentry><refentrytitle>sd_bus_creds_get_unique_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
-      <citerefentry><refentrytitle>sd_bus_creds_get_well_known_names</refentrytitle><manvolnum>3</manvolnum></citerefentry>
+      <citerefentry><refentrytitle>sd_bus_get_name_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>sd_bus_get_owner_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>sd_bus_message_get_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>
     </para>
   </refsect1>
 
-- 
cgit v1.2.3-54-g00ecf