seccomp.2: Note that vDSO implementations sometimes fall back to real syscalls

Reported-by: Florian Weimer <fweimer@redhat.com> Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-11-09 14:32:56 +01:00 · 2017-11-09 14:32:56 +01:00 · 42cfb3552b
parent 5069617c90
commit 42cfb3552b
1 changed files with 4 additions and 0 deletions
--- a/man2/seccomp.2
+++ b/man2/seccomp.2
@ -709,6 +709,10 @@ and
 .BR time (2).
 On such architectures,
 seccomp filtering for these system calls will have no effect.
+(However, there are cases where the
+.BR vdso (7)
+implementations may fall back to invoking the true system call,
+in which case seccomp filters would see the system call.)
 .IP *
 Seccomp filtering is based on system call numbers.
 However, applications typically do not directly invoke system calls,