From 8e5918c2ec8eac25979479e27e3b1f0b8c53e211 Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Wed, 30 Jun 2021 15:11:23 -0500 Subject: [PATCH] seccomp.2: Clarify that bad system calls kill the thread Reported-by: Acked-by: Kees Cook Signed-off-by: Eric W. Biederman Signed-off-by: Michael Kerrisk --- man2/seccomp.2 | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/man2/seccomp.2 b/man2/seccomp.2 index 8c80fb7bb..93f8190ce 100644 --- a/man2/seccomp.2 +++ b/man2/seccomp.2 @@ -69,9 +69,10 @@ The only system calls that the calling thread is permitted to make are .BR exit_group (2)), and .BR sigreturn (2). -Other system calls result in the delivery of a +Other system calls result in the termination of the calling thread, +or termination of the entire process with the .BR SIGKILL -signal. +signal when there is only one thread. Strict secure computing mode is useful for number-crunching applications that may need to execute untrusted byte code, perhaps obtained by reading from a pipe or socket.
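Review bot: In the rewritten sentence of the man2/seccomp.2 hunk, the ".BR SIGKILL" and "signal when there is only one thread" lines now attach only to the "termination of the entire process" clause, so the text no longer says how the calling thread is terminated when other threads exist, nor whether those other threads keep running. Consider splitting it into two sentences, one for the multi-threaded case and one for the single-threaded case, and stating explicitly what happens to the remaining threads. The next paragraph recommends strict mode for running untrusted byte code, and a reader sizing that containment needs to know that a violation ends only the offending thread rather than the whole process.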