mirror of https://github.com/mkerrisk/man-pages
seccomp.2: Warn reader that SECCOMP_RET_TRACE can be overridden
Highlight to the reader that if another filter returns a higher-precedence action value, then the ptracer will not be notified.

Reported-by: Jann Horn <jannh@google.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
parent 025584732f
commit 4b6e3782e1
|
@ -606,6 +606,10 @@ allow use of
|
||||||
of other
|
of other
|
||||||
sandboxed processes\(emwithout extreme care;
|
sandboxed processes\(emwithout extreme care;
|
||||||
ptracers can use this mechanism to escape from the seccomp sandbox.)
|
ptracers can use this mechanism to escape from the seccomp sandbox.)
|
||||||
|
.IP
|
||||||
|
Note that a tracer process will not be notified
|
||||||
|
if another filter returns an action value with a precedence greater than
|
||||||
|
.BR SECCOMP_RET_TRACE .
|
||||||
.TP
|
.TP
|
||||||
.BR SECCOMP_RET_LOG " (since Linux 4.14)"
|
.BR SECCOMP_RET_LOG " (since Linux 4.14)"
|
||||||
.\" commit 59f5cf44a38284eb9e76270c786fb6cc62ef8ac4
|
.\" commit 59f5cf44a38284eb9e76270c786fb6cc62ef8ac4
|
||||||
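Review bot: The paragraph added after `.IP` says the tracer "will not be notified" but does not say what happens instead, and "a precedence greater than SECCOMP_RET_TRACE" is left for the reader to resolve. Consider stating that the higher-precedence action is the one that takes effect, and pointing to where the page defines the ordering of action values, so that anyone building a tracer-based sandbox knows the tracer cannot be relied on to see every system call that one filter marks with SECCOMP_RET_TRACE. Wording nit: the added text says "a tracer process" while the context line just above it says "ptracers" and the commit message says "ptracer"; using one term throughout would read better.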