mirror of https://github.com/mkerrisk/man-pages
seccomp.2: Reword discussion of execve() and filters
The existing grouped fork(), clone(), execve() together in a discussion about child processes. But execve() does not create a process. Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
parent
50b4bc2378
commit
2d5fb4bb73
|
@ -89,12 +89,16 @@ in
|
|||
.IR errno .
|
||||
|
||||
If
|
||||
.BR fork (2),
|
||||
.BR clone (2),
|
||||
.BR fork (2)
|
||||
or
|
||||
.BR execve (2)
|
||||
are allowed by the filter, any child processes will be constrained to
|
||||
.BR clone (2)
|
||||
is allowed by the filter, any child processes will be constrained to
|
||||
the same filters and system calls as the parent.
|
||||
If
|
||||
.BR execve (2)
|
||||
is allowed by the filter,
|
||||
the filters and constraints on permitted system calls are preserved across an
|
||||
.BR execve (2).
|
||||
|
||||
Prior to using this operation, the process must call
|
||||
.IR "prctl(PR_SET_NO_NEW_PRIVS,\ 1)"
|
||||
|
|
Loading…
Reference in New Issue