From 3e2656812f240aa25db29f4c8ee85f199cb5a66a Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Wed, 28 Jul 2021 22:19:52 +0200 Subject: [PATCH] seccomp_unotify.2: Document SECCOMP_ADDFD_FLAG_SEND This flag was recently added to Linux 5.14 by a patch I wrote: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0ae71c7720e3ae3aabd2e8a072d27f7bd173d25c This patch adds documentation for the flag, the error code that the flag added and explains in the caveat when it is useful. Signed-off-by: Rodrigo Campos Signed-off-by: Alejandro Colomar Signed-off-by: Michael Kerrisk --- man2/seccomp_unotify.2 | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/man2/seccomp_unotify.2 b/man2/seccomp_unotify.2 index 2673d9bc7..9bd27214f 100644 --- a/man2/seccomp_unotify.2 +++ b/man2/seccomp_unotify.2 @@ -739,6 +739,17 @@ When allocating the file descriptor in the target, use the file descriptor number specified in the .I newfd field. +.TP +.BR SECCOMP_ADDFD_FLAG_SEND +Available since Linux 5.14, combines the +.B SECCOMP_IOCTL_NOTIF_ADDFD +ioctl with +.B SECCOMP_IOCTL_NOTIF_SEND +into an atomic operation. On successful invocation, the target process's +errno will be 0 and the return value will be the file descriptor number that was +installed in the target. If allocating the file descriptor in the tatget fails, +the target's syscall continues to be blocked until a successful response is +sent. .RE .TP .I srcfd @@ -801,6 +812,13 @@ Allocating the file descriptor in the target would cause the target's limit to be exceeded (see .BR getrlimit (2)). .TP +.B EBUSY +If the flag +.B SECCOMP_IOCTL_NOTIF_SEND +is used, this means the operation can't proceed until other +.B SECCOMP_IOCTL_NOTIF_ADDFD +requests are processed. +.TP .B EINPROGRESS The user-space notification specified in the .I id @@ -1131,6 +1149,14 @@ that would normally be restarted by the .BR SA_RESTART flag. +.PP +Furthermore, if the supervisor response is a file descriptor +added with +.B SECCOMP_IOCTL_NOTIF_ADDFD, +then the flag +.B SECCOMP_ADDFD_FLAG_SEND +can be used to atomically add the file descriptor and return that value, +making sure no file descriptors are inadvertently leaked into the target. .\" FIXME .\" About the above, Kees Cook commented: .\"