Michael Kerrisk
6426723630
seccomp.2: EXAMPLE: Expand comments in the BPF program
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:10 +01:00
Michael Kerrisk
86ae10e3bd
seccomp.2: Rename arguments inside example program
...
Rename the arguments to install_filter() to improve readability
a little and to remove a little ambiguity. In particular, rename
'arch' to 't_arch' so that it does not get confused with the
seccomp_data field of the same name.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:10 +01:00
Michael Kerrisk
cecc8c48ba
seccomp.2: Add subsection on seccomp-specific BPF details
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:10 +01:00
Michael Kerrisk
93b9a9eeff
seccomp.2: ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:10 +01:00
Michael Kerrisk
882cf566d8
seccomp.2: ERRORS: add an EINVAL case
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:10 +01:00
Michael Kerrisk
043ed1c6d3
seccomp.2: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:10 +01:00
Michael Kerrisk
0c2e01b788
seccomp.2: Rework discussion of 'seccomp_data' buffer
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:10 +01:00
Michael Kerrisk
e28e21fea0
seccomp.2: SEE ALSO: add Documentation/prctl/seccomp_filter.txt
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:10 +01:00
Michael Kerrisk
f74fd424c1
seccomp.2: Add reference to original Usenix BPF paper
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:10 +01:00
Michael Kerrisk
65a1328c75
seccomp.2: srcfix: Add FIXME
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:10 +01:00
Michael Kerrisk
5b95c4aba5
seccomp.2: ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:10 +01:00
Michael Kerrisk
a0a0c98bdc
seccomp.2: Mention <linux/audit.h>
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:10 +01:00
Michael Kerrisk
43b265ff16
seccomp.2: wfix for EFAULT error
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:10 +01:00
Michael Kerrisk
0e27eb0cd4
seccomp.2: ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:10 +01:00
Michael Kerrisk
3edfdb10b2
seccomp.2: srcfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:10 +01:00
Michael Kerrisk
30d8060bd7
seccomp.2: srcfix: Add FIXME
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:10 +01:00
Michael Kerrisk
76db415686
seccomp.2: Minor tweak to wording of ENOSYS error
2015-01-10 09:38:09 +01:00
Michael Kerrisk
cf690e13ff
seccomp.2: Rework discussion of 'siginfo_t' fields
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:09 +01:00
Michael Kerrisk
41bf4e32e0
seccomp.2: srcfix: Add FIXME
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:09 +01:00
Michael Kerrisk
db99c0648c
seccomp.2: Add reference to sigaction(2) under SECCOMP_RET_TRAP discussion
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:09 +01:00
Michael Kerrisk
1da13d158d
seccomp.2: ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:09 +01:00
Michael Kerrisk
ce67ca2364
seccomp.2: Minor tweak to ENOMEM error text
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:09 +01:00
Michael Kerrisk
29efefece6
seccomp.2: Add some ERRORS
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:09 +01:00
Michael Kerrisk
5c8dd0e971
seccomp.2: Add a comment to example program
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:09 +01:00
Michael Kerrisk
610082d992
seccomp.2: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:09 +01:00
Michael Kerrisk
880bc4eb2d
seccomp.2: Clarify thread ID returned on SECCOMP_FILTER_FLAG_TSYNC failure
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:09 +01:00
Michael Kerrisk
cbffd6ae44
seccomp.2: Fixes after review comments from Kees Cook
...
Reported-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:09 +01:00
Michael Kerrisk
b8ffefd766
seccomp.2: Clarifications from Andy Lutomirski
...
Reported-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:09 +01:00
Michael Kerrisk
87aa1b2cd8
seccomp.2: Minor fixes
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:09 +01:00
Michael Kerrisk
1268c887a7
seccomp.2: srcfix: Add FIXME
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:09 +01:00
Michael Kerrisk
4c43ddd29b
seccomp.2: srcfix: Add FIXME
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:09 +01:00
Michael Kerrisk
886a865181
seccomp.2: srcfix: Add FIXME
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:09 +01:00
Michael Kerrisk
d4438093f3
seccomp.2: srcfix: add FIXME
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:09 +01:00
Michael Kerrisk
35e4506b05
seccomp.2: Add sample runs for example program
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:09 +01:00
Michael Kerrisk
5e97e9b10c
seccomp.2: Tweaks to example program
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:09 +01:00
Michael Kerrisk
0a1b868c77
seccomp.2: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:09 +01:00
Michael Kerrisk
5b84640229
seccomp.2: srcfix: Add FIXME
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:09 +01:00
Michael Kerrisk
feb058c230
seccomp.2: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:09 +01:00
Michael Kerrisk
b95b411b88
seccomp.2: ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:09 +01:00
Michael Kerrisk
18abaf3ea2
seccomp.2: SEE ALSO: add kernel source file Documentation/networking/filter.txt
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:09 +01:00
Michael Kerrisk
d8c128fb6e
seccomp.2: srcfix: update FIXME
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:08 +01:00
Michael Kerrisk
d2b076687d
seccomp.2: srcfix: Add FIXME
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:08 +01:00
Michael Kerrisk
3cea64ec03
seccomp.2: srcfix: Add FIXME
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:08 +01:00
Michael Kerrisk
e01ca3aa51
seccomp.2: grfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:08 +01:00
Michael Kerrisk
3fbe3aa3f9
seccomp.2: Reword text describing ENOSYS failure from SECCOMP_RET_TRACE
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:08 +01:00
Michael Kerrisk
33bb5d332f
seccomp.2: Minor wording fix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:08 +01:00
Michael Kerrisk
0a2a0df097
seccomp.2: Reword text describing killing via SIGSYS
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:08 +01:00
Michael Kerrisk
ec2bb3c022
seccomp.2: srcfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:08 +01:00
Michael Kerrisk
8585d5a797
seccomp.2: Reword text on seccomp filter return values
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:08 +01:00
Michael Kerrisk
67f7d3af9d
seccomp.2: srcfix: Added FIXMEs
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:08 +01:00
Michael Kerrisk
ae857a90dd
seccomp.2: srcfix: Add FIXME
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:08 +01:00
Michael Kerrisk
7d596c7b1b
seccomp.2: Minor rewording
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:08 +01:00
Michael Kerrisk
955efdbcc1
seccomp.2: Reword discussion of PR_SET_NO_NEW_PRIVS
2015-01-10 09:38:08 +01:00
Michael Kerrisk
d06d25cc28
seccomp.2: Tweaks to example program
...
Change return values of install_filter().
More white space.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:08 +01:00
Michael Kerrisk
2d5fb4bb73
seccomp.2: Reword discussion of execve() and filters
...
The existing grouped fork(), clone(), execve() together
in a discussion about child processes. But execve()
does not create a process.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:37:57 +01:00
Michael Kerrisk
50b4bc2378
seccomp.2: Minor fixes
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-07 13:50:01 +01:00
Michael Kerrisk
90c6777a67
seccomp.2: Fix kernel version number
...
Reported-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-07 13:48:38 +01:00
Kees Cook
e9519f4f28
seccomp.2: New page documenting seccomp(2)
...
Combines documentation from prctl, in-kernel seccomp_filter.txt
and dropper.c, along with details specific to the new system call.
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-07 13:48:38 +01:00