mirror of https://github.com/mkerrisk/man-pages
seccomp.2: Note that vDSO implementations sometimes fall back to real syscalls
Reported-by: Florian Weimer <fweimer@redhat.com> Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
parent
5069617c90
commit
42cfb3552b
|
@ -709,6 +709,10 @@ and
|
|||
.BR time (2).
|
||||
On such architectures,
|
||||
seccomp filtering for these system calls will have no effect.
|
||||
(However, there are cases where the
|
||||
.BR vdso (7)
|
||||
implementations may fall back to invoking the true system call,
|
||||
in which case seccomp filters would see the system call.)
|
||||
.IP *
|
||||
Seccomp filtering is based on system call numbers.
|
||||
However, applications typically do not directly invoke system calls,
|
||||
|
|
Loading…
Reference in New Issue