mirror of https://github.com/mkerrisk/man-pages
seccomp.2: Note that vDSO implementations sometimes fall back to real syscalls
Reported-by: Florian Weimer <fweimer@redhat.com> Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
parent
5069617c90
commit
42cfb3552b
|
@ -709,6 +709,10 @@ and
|
||||||
.BR time (2).
|
.BR time (2).
|
||||||
On such architectures,
|
On such architectures,
|
||||||
seccomp filtering for these system calls will have no effect.
|
seccomp filtering for these system calls will have no effect.
|
||||||
|
(However, there are cases where the
|
||||||
|
.BR vdso (7)
|
||||||
|
implementations may fall back to invoking the true system call,
|
||||||
|
in which case seccomp filters would see the system call.)
|
||||||
.IP *
|
.IP *
|
||||||
Seccomp filtering is based on system call numbers.
|
Seccomp filtering is based on system call numbers.
|
||||||
However, applications typically do not directly invoke system calls,
|
However, applications typically do not directly invoke system calls,
|
||||||
|
|
Loading…
Reference in New Issue