seccomp.2: Warn reader that SECCOMP_RET_TRACE can be overridden

Highlight to the reader that if another filter returns a
higher-precedence action value, then the ptracer will not
be notified.

Reported-by: Jann Horn <jannh@google.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk 2020-10-15 13:02:36 +02:00
parent 025584732f
commit 4b6e3782e1
1 changed files with 4 additions and 0 deletions

@ -606,6 +606,10 @@ allow use of
of other
sandboxed processes\(emwithout extreme care;
ptracers can use this mechanism to escape from the seccomp sandbox.)
.IP
Note that a tracer process will not be notified
if another filter returns an action value with a precedence greater than
.BR SECCOMP_RET_TRACE .
.TP
.BR SECCOMP_RET_LOG " (since Linux 4.14)"
.\" commit 59f5cf44a38284eb9e76270c786fb6cc62ef8ac4