From 1cca69d3a70439e84a9e15c7d675883d44e42bfe Mon Sep 17 00:00:00 2001 From: Alejandro Colomar Date: Wed, 28 Jul 2021 22:19:53 +0200 Subject: [PATCH] seccomp_unotify.2: Minor tweaks to Rodrigo's patch Signed-off-by: Alejandro Colomar Signed-off-by: Michael Kerrisk --- man2/seccomp_unotify.2 | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/man2/seccomp_unotify.2 b/man2/seccomp_unotify.2 index 9bd27214f..ae449ae36 100644 --- a/man2/seccomp_unotify.2 +++ b/man2/seccomp_unotify.2 @@ -740,16 +740,18 @@ use the file descriptor number specified in the .I newfd field. .TP -.BR SECCOMP_ADDFD_FLAG_SEND -Available since Linux 5.14, combines the +.BR SECCOMP_ADDFD_FLAG_SEND " (since Linux 5.14)" +Combines the .B SECCOMP_IOCTL_NOTIF_ADDFD ioctl with .B SECCOMP_IOCTL_NOTIF_SEND -into an atomic operation. On successful invocation, the target process's -errno will be 0 and the return value will be the file descriptor number that was -installed in the target. If allocating the file descriptor in the tatget fails, -the target's syscall continues to be blocked until a successful response is -sent. +into an atomic operation. +On successful invocation, the target process's errno will be 0 +and the return value will be the file descriptor number +that was installed in the target. +If allocating the file descriptor in the tatget fails, +the target's syscall continues to be blocked +until a successful response is sent. .RE .TP .I srcfd @@ -1149,14 +1151,6 @@ that would normally be restarted by the .BR SA_RESTART flag. -.PP -Furthermore, if the supervisor response is a file descriptor -added with -.B SECCOMP_IOCTL_NOTIF_ADDFD, -then the flag -.B SECCOMP_ADDFD_FLAG_SEND -can be used to atomically add the file descriptor and return that value, -making sure no file descriptors are inadvertently leaked into the target. .\" FIXME .\" About the above, Kees Cook commented: .\" 
@@ -1176,6 +1170,14 @@ making sure no file descriptors are inadvertently leaked into the target. .\" calls because it's impossible for the kernel to restart the call .\" with the right timeout value. I wonder what happens when those .\" system calls are restarted in the scenario we're discussing.) +.PP +Furthermore, if the supervisor response is a file descriptor +added with +.B SECCOMP_IOCTL_NOTIF_ADDFD, +then the flag +.B SECCOMP_ADDFD_FLAG_SEND +can be used to atomically add the file descriptor and return that value, +making sure no file descriptors are inadvertently leaked into the target. .SH BUGS If a .BR SECCOMP_IOCTL_NOTIF_RECV
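Review bot: the typo "tatget" in "If allocating the file descriptor in the tatget fails" is carried over verbatim into the rewrapped "+" lines of the first hunk (@@ -740,16 +740,18 @@). Since those lines are being rewritten anyway to put one sentence per line, fix the spelling to "target" in the same change rather than leaving a known typo in the new text.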
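Review bot: the second hunk (@@ -1149,14 +1151,6 @@) deletes the .PP paragraph about SECCOMP_ADDFD_FLAG_SEND that sat between the SA_RESTART text and the ".\" FIXME / About the above, Kees Cook commented:" block, but the commit message ("Minor tweaks to Rodrigo's patch") does not say why. The visible reason is that the comment's "above" refers to the restart discussion, and the intervening paragraph made that reference point at the wrong text; state that in the commit message so the move is not mistaken for an accidental deletion.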
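Review bot: in the third hunk (@@ -1176,6 +1170,14 @@) the reinserted line ".B SECCOMP_IOCTL_NOTIF_ADDFD," puts the trailing comma inside the bold argument, so it renders in bold along with the identifier. The man-pages convention for punctuation after a bold word is the alternating macro, i.e. ".BR SECCOMP_IOCTL_NOTIF_ADDFD ," which keeps the comma in roman; since the paragraph is being re-added anyway, this is a good point to correct it.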