mirror of https://github.com/mkerrisk/man-pages
seccomp.2: Document the SECCOMP_GET_ACTION_AVAIL operation added in Linux 4.14
Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
parent
2577dbba2b
commit
6d1728dad1
|
@ -206,6 +206,17 @@ Synchronization will fail if another thread in the same process is in
|
|||
or if it has attached new seccomp filters to itself,
|
||||
diverging from the calling thread's filter tree.
|
||||
.RE
|
||||
.TP
|
||||
.BR SECCOMP_GET_ACTION_AVAIL " (since Linux 4.14)"
|
||||
.\" commit d612b1fd8010d0d67b5287fe146b8b55bcbb8655
|
||||
Test to see if an action is supported by the kernel. This operation is helpful to confirm that the kernel knows of a more recently added filter return action since the kernel treats all unknown actions as
|
||||
.BR SECCOMP_RET_KILL .
|
||||
.IP
|
||||
The value of
|
||||
.IR flags
|
||||
must be 0, and
|
||||
.IR args
|
||||
must be a pointer to an unsigned 32-bit filter return action.
|
||||
.SS Filters
|
||||
When adding filters via
|
||||
.BR SECCOMP_SET_MODE_FILTER ,
|
||||
|
@ -611,6 +622,13 @@ Note that for the purposes of calculating this limit,
|
|||
each already existing filter program incurs an
|
||||
overhead penalty of 4 instructions.
|
||||
.TP
|
||||
.BR EOPNOTSUPP
|
||||
.I operation
|
||||
specified
|
||||
.BR SECCOMP_GET_ACTION_AVAIL ,
|
||||
but the kernel does not support the filter return action specified by
|
||||
.IR args .
|
||||
.TP
|
||||
.BR ESRCH
|
||||
Another thread caused a failure during thread sync, but its ID could not
|
||||
be determined.
|
||||
|
|
Loading…
Reference in New Issue