mirror of https://github.com/mkerrisk/man-pages
seccomp.2: Add subsection on seccomp-specific BPF details
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
parent
93b9a9eeff
commit
cecc8c48ba
|
@ -463,6 +463,34 @@ provides a superset of the functionality provided by the
|
|||
.BR PR_SET_SECCOMP
|
||||
operation (which does not support
|
||||
.IR flags ).
|
||||
.\" FIXME Please review the following new subsection {{{
|
||||
.SS Seccomp-specific BPF details
|
||||
Note the following BPF details specific to seccomp filters:
|
||||
.IP * 3
|
||||
The
|
||||
.B BPF_H
|
||||
and
|
||||
.B BPF_B
|
||||
size modifiers are not supported: all operations must load and store
|
||||
(4-byte) words
|
||||
.RB ( BPF_W ).
|
||||
.IP *
|
||||
To access the contents of the
|
||||
.I seccomp_data
|
||||
buffer, use the
|
||||
.B BPF_ABS
|
||||
addressing mode modifier.
|
||||
.\" FIXME What is the significance of the line
|
||||
.\" ftest->code = BPF_LDX | BPF_W | BPF_ABS;
|
||||
.\" in kernel/seccomp.c::seccomp_check_filter()?
|
||||
.IP *
|
||||
The
|
||||
.B BPF_LEN
|
||||
addressing mode modifier yields an immediate mode operand
|
||||
whose value is the size of the
|
||||
.IR seccomp_data
|
||||
buffer.
|
||||
.\" FIXME End of new subsection for review }}}
|
||||
.SH EXAMPLE
|
||||
The program below accepts four or more arguments.
|
||||
The first three arguments are a system call number,
|
||||
|
|
Loading…
Reference in New Issue