seccomp.2: Document the "default" filter return action

The kernel defaults to either SECCOMP_RET_KILL_PROCESS or SECCOMP_RET_KILL_THREAD for unrecognized filter return action values. Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-11-19 10:26:59 +01:00 · 2017-11-19 10:26:59 +01:00 · 0771269c60
parent b61f53a44e
commit 0771269c60
1 changed files with 11 additions and 1 deletions
--- a/man2/seccomp.2
+++ b/man2/seccomp.2
@ -224,7 +224,7 @@ Test to see if an action is supported by the kernel.
 This operation is helpful to confirm that the kernel knows
 of a more recently added filter return action
 since the kernel treats all unknown actions as
-.BR SECCOMP_RET_KILL .
+.BR SECCOMP_RET_KILL_PROCESS .
 .IP
 The value of
 .IR flags
@ -567,6 +567,16 @@ file.
 .TP
 .BR SECCOMP_RET_ALLOW
 This value results in the system call being executed.
+.PP
+If an action value other than one of the above is specified,
+then the filter action is treated as either
+.BR SECCOMP_RET_KILL_PROCESS
+(since Linux 4.14)
+.\" commit 4d3b0b05aae9ee9ce0970dc4cc0fb3fad5e85945
+or
+.BR SECCOMP_RET_KILL_THREAD
+(in Linux 4.13 and earlier).
+.\"
 .SS /proc interfaces
 The files in the directory
 .IR /proc/sys/kernel/seccomp