mirror of https://github.com/mkerrisk/man-pages
prctl.2: Minor edits to Kees's patch
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
parent 34447828c4
commit d6ef3d5748
19
man2/prctl.2
|
@ -236,8 +236,8 @@ in the location pointed to by
|
|||
.\" See http://thread.gmane.org/gmane.linux.kernel/542632
|
||||
.\" [PATCH 0 of 2] seccomp updates
|
||||
.\" andrea@cpushare.com
|
||||
Set the secure computing mode for the calling thread, to limit
|
||||
the available syscalls.
|
||||
Set the secure computing (seccomp) mode for the calling thread, to limit
|
||||
the available system calls.
|
||||
The seccomp mode is selected via
|
||||
.IR arg2 .
|
||||
(The seccomp constants are defined in
|
||||
|
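Review bot: In the rewritten opening sentence, the comma in "for the calling thread, to limit" separates the verb from its purpose clause and can be dropped. Now that this sentence introduces "(seccomp)" as the short form, the surrounding text should use one term consistently; the context of the next hunk still begins "Strict secure computing mode".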
@ -260,7 +260,9 @@ Strict secure computing mode is useful for number-crunching applications
|
|||
that may need to execute untrusted byte code,
|
||||
perhaps obtained by reading from a pipe or socket.
|
||||
This operation is only available
|
||||
if the kernel is configured with CONFIG_SECCOMP enabled.
|
||||
if the kernel is configured with
|
||||
.B CONFIG_SECCOMP
|
||||
enabled.
|
||||
|
||||
With
|
||||
.IR arg2
|
||||
|
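Review bot: The reworded sentence ending in ".B CONFIG_SECCOMP" / "enabled." still does not say how the call fails on a kernel built without the option. A caller that must confirm the sandbox was applied before handling untrusted byte code needs that, so suggest naming the error here or pointing to ERRORS if that section already covers it. As a style point, "is available only if" reads more precisely than "is only available if".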
@ -270,9 +272,10 @@ the system calls allowed are
|
|||
defined by a pointer passed in
|
||||
.IR arg3
|
||||
to a Berkeley Packet Filter, which can be designed to filter
|
||||
arbitrary syscalls and syscall arguments.
|
||||
arbitrary system calls and system call arguments.
|
||||
This mode is only available if the kernel is configured with
|
||||
CONFIG_SECCOMP_FILTER enabled.
|
||||
.B CONFIG_SECCOMP_FILTER
|
||||
enabled.
|
||||
|
||||
.TP
|
||||
.BR PR_GET_SECCOMP " (since Linux 2.6.23)"
|
||||
|
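Review bot: In the sentence ending "to a Berkeley Packet Filter", the allowed system calls are said to be "defined by a pointer passed in arg3", but it is the filter, not the pointer, that defines them, and the type of object arg3 must point to is never named. Suggest rewording along the lines of "defined by the Berkeley Packet Filter that arg3 points to" and naming the structure type, so that callers know what to pass.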
@ -283,10 +286,12 @@ if the caller is in strict secure computing mode, then the
|
|||
call will cause a
|
||||
.B SIGKILL
|
||||
signal to be sent to the process.
|
||||
If the caller is in filter mode, and this syscall is allowed by the
|
||||
If the caller is in filter mode, and this system call is allowed by the
|
||||
seccomp filters, it returns 2.
|
||||
This operation is only available
|
||||
if the kernel is configured with CONFIG_SECCOMP enabled.
|
||||
if the kernel is configured with
|
||||
.B CONFIG_SECCOMP
|
||||
enabled.
|
||||
.TP
|
||||
.BR PR_SET_SECUREBITS " (since Linux 2.6.26)"
|
||||
Set the "securebits" flags of the calling thread to the value supplied in
|
||||
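Review bot: The PR_GET_SECCOMP text covers strict mode (SIGKILL) and filter mode where the call "is allowed by the seccomp filters" (returns 2), but not filter mode where the filters do not allow it. Suggest adding a sentence for that case, since a program that checks its own sandbox state with this call needs to know the outcome. Separately, "sent to the process" here sits oddly beside "for the calling thread" in the description of setting the mode; worth confirming which is meant.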