ptrace.2: Document PTRACE_O_SUSPEND_SECCOMP flag

Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com> CC: Kees Cook <keescook@chromium.org> CC: Andy Lutomirski <luto@amacapital.net> CC: Oleg Nesterov <oleg@redhat.com> Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-09-11 13:53:28 +02:00 · 2015-09-11 13:53:28 +02:00 · e3cfeba2ff
parent a0742a27be
commit e3cfeba2ff
1 changed files with 12 additions and 0 deletions
--- a/man2/ptrace.2
+++ b/man2/ptrace.2
@ -592,6 +592,18 @@ The seccomp event message data (from the
 .BR SECCOMP_RET_DATA
 portion of the seccomp filter rule) can be retrieved with
 .BR PTRACE_GETEVENTMSG .
+.TP
+.BR PTRACE_O_SUSPEND_SECCOMP " (since Linux 4.2)"
+Suspend the tracee's seccomp protections. This applies regardless of mode, and
+can be used when the tracee has not yet installed seccomp filters. That is, a
+valid usecase is to suspend a tracee's seccomp protections before they are
+installed by the tracee, let the tracee install the filters, and then clear
+this flag when the filters should be resumed. Setting this option requires that
+the tracer have
+.BR CAP_SYS_ADMIN ,
+not have any seccomp protections installed, and not have
+.BR PTRACE_O_SUSPEND_SECCOMP
+set on itself.
 .RE
 .TP
 .BR PTRACE_GETEVENTMSG " (since Linux 2.5.46)"