From 6d1728dad1adcfae9248081a9c39ced2a16bd160 Mon Sep 17 00:00:00 2001 From: Tyler Hicks Date: Thu, 26 Oct 2017 04:11:40 +0000 Subject: [PATCH] seccomp.2: Document the SECCOMP_GET_ACTION_AVAIL operation added in Linux 4.14 Signed-off-by: Tyler Hicks Signed-off-by: Michael Kerrisk --- man2/seccomp.2 | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/man2/seccomp.2 b/man2/seccomp.2 index 669c2ccc7..c5c10816e 100644 --- a/man2/seccomp.2 +++ b/man2/seccomp.2 @@ -206,6 +206,17 @@ Synchronization will fail if another thread in the same process is in or if it has attached new seccomp filters to itself, diverging from the calling thread's filter tree. .RE +.TP +.BR SECCOMP_GET_ACTION_AVAIL " (since Linux 4.14)" +.\" commit d612b1fd8010d0d67b5287fe146b8b55bcbb8655 +Test to see if an action is supported by the kernel. This operation is helpful to confirm that the kernel knows of a more recently added filter return action since the kernel treats all unknown actions as +.BR SECCOMP_RET_KILL . +.IP +The value of +.IR flags +must be 0, and +.IR args +must be a pointer to an unsigned 32-bit filter return action. .SS Filters When adding filters via .BR SECCOMP_SET_MODE_FILTER , @@ -611,6 +622,13 @@ Note that for the purposes of calculating this limit, each already existing filter program incurs an overhead penalty of 4 instructions. .TP +.BR EOPNOTSUPP +.I operation +specified +.BR SECCOMP_GET_ACTION_AVAIL , +but the kernel does not support the filter return action specified by +.IR args . +.TP .BR ESRCH Another thread caused a failure during thread sync, but its ID could not be determined.