mirror of https://github.com/mkerrisk/man-pages
seccomp.2, seccomp_unotify.2: Clarify that there can be only one SECCOMP_FILTER_FLAG_NEW_LISTENER
Reported-by: Christian Brauner <christian@brauner.io>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
parent cd3224b7df
commit fd376c6b2a
|
@ -225,6 +225,11 @@ return a new user-space notification file descriptor.
|
||||||
When the filter returns
|
When the filter returns
|
||||||
.BR SECCOMP_RET_USER_NOTIF
|
.BR SECCOMP_RET_USER_NOTIF
|
||||||
a notification will be sent to this file descriptor.
|
a notification will be sent to this file descriptor.
|
||||||
|
.IP
|
||||||
|
At most one seccomp filter using the
|
||||||
|
.BR SECCOMP_FILTER_FLAG_NEW_LISTENER
|
||||||
|
flag can be installed for a thread.
|
||||||
|
.IP
|
||||||
See
|
See
|
||||||
.BR seccomp_unotify (2)
|
.BR seccomp_unotify (2)
|
||||||
for further details.
|
for further details.
|
||||||
|
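Review bot: The added paragraph ("At most one seccomp filter using the SECCOMP_FILTER_FLAG_NEW_LISTENER flag can be installed for a thread.") states the limit but not what a caller sees on hitting it. This commit also adds an EBUSY entry to ERRORS for exactly this case, so consider naming the error here, for example by appending "A further attempt fails with the error EBUSY." It would also help to say whether "for a thread" covers filters the thread inherited rather than installed itself, since the sentence leaves that open.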
@ -801,6 +806,12 @@ capability in its user namespace, or had not set
|
||||||
before using
|
before using
|
||||||
.BR SECCOMP_SET_MODE_FILTER .
|
.BR SECCOMP_SET_MODE_FILTER .
|
||||||
.TP
|
.TP
|
||||||
|
.BR EBUSY
|
||||||
|
While installing a new filter, the
|
||||||
|
.BR SECCOMP_FILTER_FLAG_NEW_LISTENER
|
||||||
|
flag was specified,
|
||||||
|
but a previous filter had already been installed with that flag.
|
||||||
|
.TP
|
||||||
.BR EFAULT
|
.BR EFAULT
|
||||||
.IR args
|
.IR args
|
||||||
was not a valid address.
|
was not a valid address.
|
||||||
|
|
|
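Review bot: In the new EBUSY entry, "but a previous filter had already been installed with that flag" gives no scope, while the DESCRIPTION text added in the first hunk limits the rule to "a thread". Suggest matching that wording, for example "but a previous filter had already been installed with that flag for the calling thread", so the two passages cannot be read as describing different rules.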
@ -92,6 +92,7 @@ Consequently, the return value of the (successful)
|
||||||
.BR seccomp (2)
|
.BR seccomp (2)
|
||||||
call is a new "listening"
|
call is a new "listening"
|
||||||
file descriptor that can be used to receive notifications.
|
file descriptor that can be used to receive notifications.
|
||||||
|
Only one such "listener" can be established.
|
||||||
.IP \(bu
|
.IP \(bu
|
||||||
In cases where it is appropriate, the seccomp filter returns the action value
|
In cases where it is appropriate, the seccomp filter returns the action value
|
||||||
.BR SECCOMP_RET_USER_NOTIF .
|
.BR SECCOMP_RET_USER_NOTIF .
|
||||||
|
|
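Review bot: The added line "Only one such "listener" can be established." does not say per what (thread, process or filter) and gives no pointer to the failure mode. The seccomp.2 hunks in this commit state that the limit applies to a thread and that the call fails with EBUSY; consider repeating the scope here or referring the reader to the ERRORS section of seccomp(2). The word "listening" is already quoted in the preceding context line, so the quotes around listener could be dropped on this second use.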