prctl.2, seccomp.2: Clarify that SECCOMP_SET_MODE_STRICT disallows exit_group(2)

These days, glibc implements _exit() as a wrapper around exit_group(2). (When seccomp was originally introduced, this was not the case.) Give the reader a clue that, despite what glibc is doing, what SECCOMP_SET_MODE_STRICT permits is the true _exit(2) system call, and not exit_group(2). Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-06-30 13:39:39 +02:00 · 2015-06-30 13:39:39 +02:00 · 85fbef7408
parent 7a79bb301a
commit 85fbef7408
2 changed files with 6 additions and 2 deletions
--- a/man2/prctl.2
+++ b/man2/prctl.2
@ -431,7 +431,9 @@ set to
 the only system calls that the thread is permitted to make are
 .BR read (2),
 .BR write (2),
-.BR _exit (2),
+.BR _exit (2)
+(but not
+.BR exit_group (2)),
 and
 .BR sigreturn (2).
 Other system calls result in the delivery of a
--- a/man2/seccomp.2
+++ b/man2/seccomp.2
@ -54,7 +54,9 @@ values:
 The only system calls that the calling thread is permitted to make are
 .BR read (2),
 .BR write (2),
-.BR _exit (2),
+.BR _exit (2)
+(but not
+.BR exit_group (2)),
 and
 .BR sigreturn (2).
 Other system calls result in the delivery of a