mirror of https://github.com/mkerrisk/man-pages
seccomp.2: Use syscall(SYS_...); for system calls without a wrapper
Signed-off-by: Alejandro Colomar <alx.manpages@gmail.com> Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
parent
292583e25b
commit
5945cd7bd3
|
@ -38,13 +38,18 @@ seccomp \- operate on Secure Computing state of the process
|
|||
.BR "#include <sys/ptrace.h>" " /* Definition of " PTRACE_* " constants */"
|
||||
.\" Kees Cook noted: Anything that uses SECCOMP_RET_TRACE returns will
|
||||
.\" need <sys/ptrace.h>
|
||||
.BR "#include <sys/syscall.h>" " /* Definition of " SYS_* " constants */"
|
||||
.B #include <unistd.h>
|
||||
.PP
|
||||
.BI "int seccomp(unsigned int " operation ", unsigned int " flags \
|
||||
", void *" args );
|
||||
.BI "int syscall(SYS_seccomp, unsigned int " operation ", unsigned int " flags ,
|
||||
.BI " void *" args );
|
||||
.fi
|
||||
.PP
|
||||
.IR Note :
|
||||
There is no glibc wrapper for this system call; see NOTES.
|
||||
glibc provides no wrapper for
|
||||
.BR seccomp (),
|
||||
necessitating the use of
|
||||
.BR syscall (2).
|
||||
.SH DESCRIPTION
|
||||
The
|
||||
.BR seccomp ()
|
||||
|
@ -930,9 +935,6 @@ Tile (since Linux 4.3)
|
|||
PA-RISC (since Linux 4.6)
|
||||
.\" User mode Linux since Linux 4.6
|
||||
.PD
|
||||
.PP
|
||||
Glibc does not provide a wrapper for this system call; call it using
|
||||
.BR syscall (2).
|
||||
.\"
|
||||
.SS Caveats
|
||||
There are various subtleties to consider when applying seccomp filters
|
||||
|
|
Loading…
Reference in New Issue