From 54ae7ac44184c62beb8d60610e3a95ef8cd88ff9 Mon Sep 17 00:00:00 2001 From: Michael Kerrisk Date: Sun, 8 Aug 2021 03:12:43 +0200 Subject: [PATCH] seccomp_unotify.2: Minor tweaks (part 2) to Rodrigo's patch Signed-off-by: Michael Kerrisk --- man2/seccomp_unotify.2 | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/man2/seccomp_unotify.2 b/man2/seccomp_unotify.2 index ae449ae36..b92203721 100644 --- a/man2/seccomp_unotify.2 +++ b/man2/seccomp_unotify.2 @@ -741,16 +741,19 @@ use the file descriptor number specified in the field. .TP .BR SECCOMP_ADDFD_FLAG_SEND " (since Linux 5.14)" -Combines the +.\" commit 0ae71c7720e3ae3aabd2e8a072d27f7bd173d25c +Perform the equivalent of .B SECCOMP_IOCTL_NOTIF_ADDFD -ioctl with +plus .B SECCOMP_IOCTL_NOTIF_SEND -into an atomic operation. -On successful invocation, the target process's errno will be 0 +as an atomic operation. +On successful invocation, the target process's +.I errno +will be 0 and the return value will be the file descriptor number -that was installed in the target. -If allocating the file descriptor in the tatget fails, -the target's syscall continues to be blocked +that was allocated in the target. +If allocating the file descriptor in the target fails, +the target's system call continues to be blocked until a successful response is sent. .RE .TP @@ -1173,7 +1176,7 @@ flag. .PP Furthermore, if the supervisor response is a file descriptor added with -.B SECCOMP_IOCTL_NOTIF_ADDFD, +.BR SECCOMP_IOCTL_NOTIF_ADDFD , then the flag .B SECCOMP_ADDFD_FLAG_SEND can be used to atomically add the file descriptor and return that value,
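Review bot: In the first hunk (@@ -741,16 +741,19 @@), the failure sentence "If allocating the file descriptor in the target fails, the target's system call continues to be blocked until a successful response is sent" does not tell the supervisor how it learns of the failure. Say what the ioctl returns to the supervisor in that case, and that the supervisor has to retry or send an explicit response; a supervisor that assumes the combined operation always completes leaves the target blocked. In the same paragraph, "the target process's errno will be 0" is imprecise, because a successful system call leaves errno unmodified; "the system call succeeds and returns the file descriptor number that was allocated in the target" would say the same thing without implying errno is written.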
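Review bot: In the second hunk (@@ -1173,7 +1176,7 @@), the paragraph says SECCOMP_ADDFD_FLAG_SEND "can be used to atomically add the file descriptor and return that value" without the "(since Linux 5.14)" qualifier that the flag's own entry carries in the first hunk. Unless the rest of the sentence outside the visible context already covers it, repeat the version here or refer back to the flag's description, so a reader who lands on this paragraph knows the flag is not available on older kernels. The ".BR SECCOMP_IOCTL_NOTIF_ADDFD ," punctuation fix itself is correct.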