mirror of https://github.com/mkerrisk/man-pages
prctl.2: Minor edits to Kees's patch
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
parent
34447828c4
commit
d6ef3d5748
19
man2/prctl.2
|
@ -236,8 +236,8 @@ in the location pointed to by
|
||||||
.\" See http://thread.gmane.org/gmane.linux.kernel/542632
|
.\" See http://thread.gmane.org/gmane.linux.kernel/542632
|
||||||
.\" [PATCH 0 of 2] seccomp updates
|
.\" [PATCH 0 of 2] seccomp updates
|
||||||
.\" andrea@cpushare.com
|
.\" andrea@cpushare.com
|
||||||
Set the secure computing mode for the calling thread, to limit
|
Set the secure computing (seccomp) mode for the calling thread, to limit
|
||||||
the available syscalls.
|
the available system calls.
|
||||||
The seccomp mode is selected via
|
The seccomp mode is selected via
|
||||||
.IR arg2 .
|
.IR arg2 .
|
||||||
(The seccomp constants are defined in
|
(The seccomp constants are defined in
|
||||||
|
@ -260,7 +260,9 @@ Strict secure computing mode is useful for number-crunching applications
|
||||||
that may need to execute untrusted byte code,
|
that may need to execute untrusted byte code,
|
||||||
perhaps obtained by reading from a pipe or socket.
|
perhaps obtained by reading from a pipe or socket.
|
||||||
This operation is only available
|
This operation is only available
|
||||||
if the kernel is configured with CONFIG_SECCOMP enabled.
|
if the kernel is configured with
|
||||||
|
.B CONFIG_SECCOMP
|
||||||
|
enabled.
|
||||||
|
|
||||||
With
|
With
|
||||||
.IR arg2
|
.IR arg2
|
||||||
|
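Review bot: The CONFIG_SECCOMP sentence sits between the strict-mode description and the "With arg2" paragraph, so it reads as a requirement of strict mode only, while filter mode carries its own "This mode is only available" sentence further down. If the option gates the whole PR_SET_SECCOMP operation, say so explicitly or move the sentence ahead of the per-mode text, so that a reader checking whether a sandbox can rely on seccomp does not have to infer the scope.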
@ -270,9 +272,10 @@ the system calls allowed are
|
||||||
defined by a pointer passed in
|
defined by a pointer passed in
|
||||||
.IR arg3
|
.IR arg3
|
||||||
to a Berkeley Packet Filter, which can be designed to filter
|
to a Berkeley Packet Filter, which can be designed to filter
|
||||||
arbitrary syscalls and syscall arguments.
|
arbitrary system calls and system call arguments.
|
||||||
This mode is only available if the kernel is configured with
|
This mode is only available if the kernel is configured with
|
||||||
CONFIG_SECCOMP_FILTER enabled.
|
.B CONFIG_SECCOMP_FILTER
|
||||||
|
enabled.
|
||||||
|
|
||||||
.TP
|
.TP
|
||||||
.BR PR_GET_SECCOMP " (since Linux 2.6.23)"
|
.BR PR_GET_SECCOMP " (since Linux 2.6.23)"
|
||||||
|
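Review bot: "defined by a pointer passed in arg3 to a Berkeley Packet Filter" makes the pointer the thing that defines the allowed system calls and never says what arg3 must point to. Suggest rewording so that the filter is the subject and naming the structure type the caller passes, since a valid call cannot be built from this sentence as it stands.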
@ -283,10 +286,12 @@ if the caller is in strict secure computing mode, then the
|
||||||
call will cause a
|
call will cause a
|
||||||
.B SIGKILL
|
.B SIGKILL
|
||||||
signal to be sent to the process.
|
signal to be sent to the process.
|
||||||
If the caller is in filter mode, and this syscall is allowed by the
|
If the caller is in filter mode, and this system call is allowed by the
|
||||||
seccomp filters, it returns 2.
|
seccomp filters, it returns 2.
|
||||||
This operation is only available
|
This operation is only available
|
||||||
if the kernel is configured with CONFIG_SECCOMP enabled.
|
if the kernel is configured with
|
||||||
|
.B CONFIG_SECCOMP
|
||||||
|
enabled.
|
||||||
.TP
|
.TP
|
||||||
.BR PR_SET_SECUREBITS " (since Linux 2.6.26)"
|
.BR PR_SET_SECUREBITS " (since Linux 2.6.26)"
|
||||||
Set the "securebits" flags of the calling thread to the value supplied in
|
Set the "securebits" flags of the calling thread to the value supplied in
|
||||||
|
|
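Review bot: The PR_GET_SECCOMP text covers strict mode (SIGKILL) and filter mode when the filters allow the call (returns 2), but says nothing about filter mode when the filters do not allow it. Add a sentence for that case after "it returns 2", so a caller probing its own seccomp state knows what outcome to expect.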