seccomp.2: Reword discussion of execve() and filters

The existing text grouped fork(), clone(), execve() together
in a discussion about child processes. But execve()
does not create a process.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk 2014-11-02 08:34:47 +01:00
parent 50b4bc2378
commit 2d5fb4bb73
1 changed files with 8 additions and 4 deletions

@ -89,12 +89,16 @@ in
.IR errno .
If
.BR fork (2),
.BR clone (2),
.BR fork (2)
or
.BR execve (2)
are allowed by the filter, any child processes will be constrained to
.BR clone (2)
is allowed by the filter, any child processes will be constrained to
the same filters and system calls as the parent.
If
.BR execve (2)
is allowed by the filter,
the filters and constraints on permitted system calls are preserved across an
.BR execve (2).
Prior to using this operation, the process must call
.IR "prctl(PR_SET_NO_NEW_PRIVS,\ 1)"
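
Review bot: The new execve(2) sentence and the retained fork(2)/clone(2) sentence describe the same inheritance in two different phrasings, which invites readers to look for a difference that is not there. The fork/clone sentence says children are "constrained to the same filters and system calls as the parent", while the execve sentence says "the filters and constraints on permitted system calls are preserved". Suggest using one wording in both places, for example "the same filters and constraints on permitted system calls". Also, "preserved across an execve(2)" directly after "If execve(2) is allowed by the filter" repeats the reference; "preserved across the call" would read more cleanly.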