Commit Graph

165 Commits

Author SHA1 Message Date
Michael Kerrisk 5ac5e03b0d seccomp.2: srcfix: Remove a FIXME
Quoting Daniel's response to my FIXME

> Still hoping to hear from Will Drewry regarding this FIXME in the
> page source:
>
> .\" FIXME What is the significance of the line
> .\"           ftest->code = BPF_LDX | BPF_W | BPF_ABS;
> .\"       in kernel/seccomp.c::seccomp_check_filter()?

This came in from our rework via commit bd4cf0ed331a ("net: filter:
rework/optimize internal BPF interpreter's instruction set"), and
is kernel-internal only, and unused in classic BPF. It translates
into A = *(u32 *) (ctx + K) and will basically load an offset from
the populated seccomp_data (= ctx) to A. For the man-page itself
it has therefore no relevance, hope that clarifies it.

Reviewed-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:10 +01:00
Michael Kerrisk a79566fba6 seccomp.2: wfix
Revert a wording change, as suggested by Kees Cook.

Reported-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:10 +01:00
Michael Kerrisk 1367a60afb seccomp.2: A process's seccomp mode is viewable via /proc/PID/status "Seccomp"
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:10 +01:00
Michael Kerrisk 068653012c seccomp.2: Changes after review feedback by Kees Cook
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:10 +01:00
Michael Kerrisk 36931cfc80 seccomp.2: srcfix: Add FIXME
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:10 +01:00
Michael Kerrisk ef05ec712f seccomp.2: Minor fix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:10 +01:00
Michael Kerrisk 699996321d seccomp.2: Tweak an argument name
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:10 +01:00
Michael Kerrisk 6426723630 seccomp.2: EXAMPLE: Expand comments in the BPF program
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:10 +01:00
Michael Kerrisk 86ae10e3bd seccomp.2: Rename arguments inside example program
Rename the arguments to install_filter() to improve readability
a little and to remove a little ambiguity. In particular, rename
'arch' to 't_arch' so that it does not get confused with the
seccomp_data field of the same name.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:10 +01:00
Michael Kerrisk cecc8c48ba seccomp.2: Add subsection on seccomp-specific BPF details
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:10 +01:00
Michael Kerrisk 93b9a9eeff seccomp.2: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:10 +01:00
Michael Kerrisk 882cf566d8 seccomp.2: ERRORS: add an EINVAL case
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:10 +01:00
Michael Kerrisk 043ed1c6d3 seccomp.2: tfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:10 +01:00
Michael Kerrisk 0c2e01b788 seccomp.2: Rework discussion of 'seccomp_data' buffer
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:10 +01:00
Michael Kerrisk e28e21fea0 seccomp.2: SEE ALSO: add Documentation/prctl/seccomp_filter.txt
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:10 +01:00
Michael Kerrisk f74fd424c1 seccomp.2: Add reference to original Usenix BPF paper
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:10 +01:00
Michael Kerrisk 65a1328c75 seccomp.2: srcfix: Add FIXME
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:10 +01:00
Michael Kerrisk 5b95c4aba5 seccomp.2: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:10 +01:00
Michael Kerrisk a0a0c98bdc seccomp.2: Mention <linux/audit.h>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:10 +01:00
Michael Kerrisk 43b265ff16 seccomp.2: wfix for EFAULT error
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:10 +01:00
Michael Kerrisk 0e27eb0cd4 seccomp.2: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:10 +01:00
Michael Kerrisk 3edfdb10b2 seccomp.2: srcfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:10 +01:00
Michael Kerrisk 30d8060bd7 seccomp.2: srcfix: Add FIXME
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:10 +01:00
Michael Kerrisk 76db415686 seccomp.2: Minor tweak to wording of ENOSYS error
2015-01-10 09:38:09 +01:00
Michael Kerrisk cf690e13ff seccomp.2: Rework discussion of 'siginfo_t' fields
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:09 +01:00
Michael Kerrisk 41bf4e32e0 seccomp.2: srcfix: Add FIXME
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:09 +01:00
Michael Kerrisk db99c0648c seccomp.2: Add reference to sigaction(2) under SECCOMP_RET_TRAP discussion
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:09 +01:00
Michael Kerrisk 1da13d158d seccomp.2: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:09 +01:00
Michael Kerrisk ce67ca2364 seccomp.2: Minor tweak to ENOMEM error text
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:09 +01:00
Michael Kerrisk 29efefece6 seccomp.2: Add some ERRORS
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:09 +01:00
Michael Kerrisk 5c8dd0e971 seccomp.2: Add a comment to example program
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:09 +01:00
Michael Kerrisk 610082d992 seccomp.2: wfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:09 +01:00
Michael Kerrisk 880bc4eb2d seccomp.2: Clarify thread ID returned on SECCOMP_FILTER_FLAG_TSYNC failure
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:09 +01:00
Michael Kerrisk cbffd6ae44 seccomp.2: Fixes after review comments from Kees Cook
Reported-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:09 +01:00
Michael Kerrisk b8ffefd766 seccomp.2: Clarifications from Andy Lutomirski
Reported-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:09 +01:00
Michael Kerrisk 87aa1b2cd8 seccomp.2: Minor fixes
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:09 +01:00
Michael Kerrisk 1268c887a7 seccomp.2: srcfix: Add FIXME
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:09 +01:00
Michael Kerrisk 4c43ddd29b seccomp.2: srcfix: Add FIXME
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:09 +01:00
Michael Kerrisk 886a865181 seccomp.2: srcfix: Add FIXME
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:09 +01:00
Michael Kerrisk d4438093f3 seccomp.2: srcfix: add FIXME
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:09 +01:00
Michael Kerrisk 35e4506b05 seccomp.2: Add sample runs for example program
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:09 +01:00
Michael Kerrisk 5e97e9b10c seccomp.2: Tweaks to example program
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:09 +01:00
Michael Kerrisk 0a1b868c77 seccomp.2: tfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:09 +01:00
Michael Kerrisk 5b84640229 seccomp.2: srcfix: Add FIXME
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:09 +01:00
Michael Kerrisk feb058c230 seccomp.2: wfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:09 +01:00
Michael Kerrisk b95b411b88 seccomp.2: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:09 +01:00
Michael Kerrisk 18abaf3ea2 seccomp.2: SEE ALSO: add kernel source file Documentation/networking/filter.txt
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:09 +01:00
Michael Kerrisk d8c128fb6e seccomp.2: srcfix: update FIXME
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:08 +01:00
Michael Kerrisk d2b076687d seccomp.2: srcfix: Add FIXME
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:08 +01:00
Michael Kerrisk 3cea64ec03 seccomp.2: srcfix: Add FIXME
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:08 +01:00
Michael Kerrisk e01ca3aa51 seccomp.2: grfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:08 +01:00
Michael Kerrisk 3fbe3aa3f9 seccomp.2: Reword text describing ENOSYS failure from SECCOMP_RET_TRACE
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:08 +01:00
Michael Kerrisk 33bb5d332f seccomp.2: Minor wording fix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:08 +01:00
Michael Kerrisk 0a2a0df097 seccomp.2: Reword text describing killing via SIGSYS
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:08 +01:00
Michael Kerrisk ec2bb3c022 seccomp.2: srcfix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:08 +01:00
Michael Kerrisk 8585d5a797 seccomp.2: Reword text on seccomp filter return values
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:08 +01:00
Michael Kerrisk 67f7d3af9d seccomp.2: srcfix: Added FIXMEs
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:08 +01:00
Michael Kerrisk ae857a90dd seccomp.2: srcfix: Add FIXME
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:08 +01:00
Michael Kerrisk 7d596c7b1b seccomp.2: Minor rewording
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:08 +01:00
Michael Kerrisk 955efdbcc1 seccomp.2: Reword discussion of PR_SET_NO_NEW_PRIVS
2015-01-10 09:38:08 +01:00
Michael Kerrisk d06d25cc28 seccomp.2: Tweaks to example program
Change return values of install_filter().
More white space.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:08 +01:00
Michael Kerrisk 2d5fb4bb73 seccomp.2: Reword discussion of execve() and filters
The existing text grouped fork(), clone(), execve() together
in a discussion about child processes. But execve()
does not create a process.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:37:57 +01:00
Michael Kerrisk 50b4bc2378 seccomp.2: Minor fixes
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-07 13:50:01 +01:00
Michael Kerrisk 90c6777a67 seccomp.2: Fix kernel version number
Reported-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-07 13:48:38 +01:00
Kees Cook e9519f4f28 seccomp.2: New page documenting seccomp(2)
Combines documentation from prctl, in-kernel seccomp_filter.txt
and dropper.c, along with details specific to the new system call.

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-07 13:48:38 +01:00