mirror of https://github.com/mkerrisk/man-pages
seccomp.2: Add subsection on seccomp-specific BPF details
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
parent
93b9a9eeff
commit
cecc8c48ba
|
@ -463,6 +463,34 @@ provides a superset of the functionality provided by the
|
||||||
.BR PR_SET_SECCOMP
|
.BR PR_SET_SECCOMP
|
||||||
operation (which does not support
|
operation (which does not support
|
||||||
.IR flags ).
|
.IR flags ).
|
||||||
|
.\" FIXME Please review the following new subsection {{{
|
||||||
|
.SS Seccomp-specific BPF details
|
||||||
|
Note the following BPF details specific to seccomp filters:
|
||||||
|
.IP * 3
|
||||||
|
The
|
||||||
|
.B BPF_H
|
||||||
|
and
|
||||||
|
.B BPF_B
|
||||||
|
size modifiers are not supported: all operations must load and store
|
||||||
|
(4-byte) words
|
||||||
|
.RB ( BPF_W ).
|
||||||
|
.IP *
|
||||||
|
To access the contents of the
|
||||||
|
.I seccomp_data
|
||||||
|
buffer, use the
|
||||||
|
.B BPF_ABS
|
||||||
|
addressing mode modifier.
|
||||||
|
.\" FIXME What is the significance of the line
|
||||||
|
.\" ftest->code = BPF_LDX | BPF_W | BPF_ABS;
|
||||||
|
.\" in kernel/seccomp.c::seccomp_check_filter()?
|
||||||
|
.IP *
|
||||||
|
The
|
||||||
|
.B BPF_LEN
|
||||||
|
addressing mode modifier yields an immediate mode operand
|
||||||
|
whose value is the size of the
|
||||||
|
.IR seccomp_data
|
||||||
|
buffer.
|
||||||
|
.\" FIXME End of new subsection for review }}}
|
||||||
.SH EXAMPLE
|
.SH EXAMPLE
|
||||||
The program below accepts four or more arguments.
|
The program below accepts four or more arguments.
|
||||||
The first three arguments are a system call number,
|
The first three arguments are a system call number,
|
||||||
|
|
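Review bot: The second bullet (the BPF_ABS item) is committed with its FIXME still open directly beneath it, the question about `ftest->code = BPF_LDX | BPF_W | BPF_ABS;` in kernel/seccomp.c::seccomp_check_filter(), so the text tells filter authors to use BPF_ABS on the seccomp_data buffer without saying how the offset operand is interpreted or which offsets are accepted. I would resolve that question and add a sentence on valid offsets before the review markers come out, since an author who gets the offset wrong ends up with a filter that is rejected or that tests the wrong field. Two smaller points in the third bullet: calling BPF_LEN an "addressing mode modifier" that "yields an immediate mode operand" reads as a contradiction, and it would be clearer to say that a load with BPF_LEN yields the size of the seccomp_data buffer; and `.IR seccomp_data` there takes a single argument, so `.I seccomp_data`, as used in the second bullet, would be consistent.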