mirror of https://github.com/mkerrisk/man-pages
seccomp.2: Warn reader that SECCOMP_RET_TRACE can be overridden
Highlight to the reader that if another filter returns a higher-precedence action value, then the ptracer will not be notified.

Reported-by: Jann Horn <jannh@google.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
parent
025584732f
commit
4b6e3782e1
|
@ -606,6 +606,10 @@ allow use of
|
|||
of other
|
||||
sandboxed processes\(emwithout extreme care;
|
||||
ptracers can use this mechanism to escape from the seccomp sandbox.)
|
||||
.IP
|
||||
Note that a tracer process will not be notified
|
||||
if another filter returns an action value with a precedence greater than
|
||||
.BR SECCOMP_RET_TRACE .
|
||||
.TP
|
||||
.BR SECCOMP_RET_LOG " (since Linux 4.14)"
|
||||
.\" commit 59f5cf44a38284eb9e76270c786fb6cc62ef8ac4
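Review bot: The new paragraph after .IP says the tracer is not notified when another filter returns "an action value with a precedence greater than" SECCOMP_RET_TRACE, but it does not tell the reader which actions those are or where the ordering is defined. Consider pointing to the place on this page where the precedence of action values is described, or naming the higher-precedence actions inline. It would also help to state what happens to the system call in that case, namely that it is handled according to the higher-precedence action, so that someone writing a tracer that depends on SECCOMP_RET_TRACE notifications knows the tracer can be bypassed silently and should not be the only enforcement point.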