LDP
/
man-pages
mirror of https://github.com/mkerrisk/man-pages
0
1
Fork 0
Code Releases Activity
18,086 Commits 1 Branch 197 Tags 93 MiB
Commit Graph

104 Commits

Author SHA1 Message Date
Michael Kerrisk dbfe9c700e _syscall.2, clock_getres.2, clone.2, copy_file_range.2, create_module.2, delete_module.2, fallocate.2, futex.2, get_kernel_syms.2, get_robust_list.2, getcpu.2, getdents.2, gettid.2, gettimeofday.2, getunwind.2, init_module.2, io_cancel.2, io_destroy.2, io_getevents.2, io_setup.2, io_submit.2, ioctl_userfaultfd.2, ioprio_set.2, kcmp.2, kexec_load.2, keyctl.2, link.2, llseek.2, memfd_create.2, mmap.2, mq_getsetattr.2, msgctl.2, msgget.2, open_by_handle_at.2, outb.2, perf_event_open.2, pivot_root.2, process_vm_readv.2, query_module.2, readdir.2, recvmmsg.2, rename.2, request_key.2, restart_syscall.2, rt_sigqueueinfo.2, s390_pci_mmio_write.2, s390_runtime_instr.2, sched_setattr.2, seccomp.2, select.2, select_tut.2, send.2, sendmmsg.2, set_thread_area.2, set_tid_address.2, sgetmask.2, shmop.2, sigaction.2, sigprocmask.2, splice.2, spu_create.2, spu_run.2, statx.2, subpage_prot.2, sync_file_range.2, syscall.2, sysctl.2, sysfs.2, tee.2, timer_create.2, timer_delete.2, timer_getoverrun.2, timer_settime.2, tkill.2, uselib.2, utimensat.2, vmsplice.2, wait.2, aio_init.3, asinh.3, atan2.3, atanh.3, backtrace.3, basename.3, bswap.3, bzero.3, catgets.3, catopen.3, dladdr.3, dlsym.3, endian.3, envz_add.3, erf.3, erfc.3, error.3, ferror.3, ffs.3, fgetc.3, fmemopen.3, fopen.3, fopencookie.3, fseek.3, ftw.3, futimes.3, getdate.3, getenv.3, getline.3, getlogin.3, getrpcent.3, getsubopt.3, getutmp.3, getw.3, gnu_get_libc_version.3, inet_net_pton.3, isalpha.3, lio_listio.3, makedev.3, malloc_get_state.3, malloc_stats.3, malloc_trim.3, malloc_usable_size.3, matherr.3, memchr.3, nextup.3, ntp_gettime.3, posix_madvise.3, program_invocation_name.3, pthread_atfork.3, pthread_attr_setaffinity_np.3, pthread_attr_setdetachstate.3, pthread_attr_setguardsize.3, pthread_attr_setinheritsched.3, pthread_attr_setschedparam.3, pthread_attr_setschedpolicy.3, pthread_attr_setscope.3, pthread_attr_setstack.3, pthread_attr_setstackaddr.3, pthread_attr_setstacksize.3, pthread_cleanup_push_defer_np.3, pthread_detach.3, pthread_equal.3, pthread_exit.3, pthread_join.3, pthread_kill.3, pthread_kill_other_threads_np.3, pthread_rwlockattr_setkind_np.3, pthread_self.3, pthread_setcancelstate.3, pthread_setconcurrency.3, pthread_setschedprio.3, pthread_testcancel.3, pthread_tryjoin_np.3, pthread_yield.3, puts.3, random.3, random_r.3, rpc.3, sched_getcpu.3, setnetgrent.3, sigwait.3, stdin.3, strerror.3, strfmon.3, timeradd.3, tmpnam.3, toupper.3, towlower.3, towupper.3, ttyname.3, uselocale.3, xdr.3, dsp56k.4, sigevent.7, vdso.7: ffix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2017-08-15 19:39:04 +02:00
Michael Kerrisk f55a6d598d Changes, ldd.1, chown.2, epoll_wait.2, get_mempolicy.2, ioctl_getfsmap.2, madvise.2, membarrier.2, mount.2, pipe.2, readv.2, seccomp.2, sigaltstack.2, splice.2, tee.2, timer_create.2, vmsplice.2, acosh.3, asinh.3, atanh.3, bsd_signal.3, dl_iterate_phdr.3, dlsym.3, flockfile.3, fpathconf.3, ftw.3, getaddrinfo.3, getcontext.3, getgrent.3, if_nametoindex.3, malloc.3, nl_langinfo.3, posix_madvise.3, ptsname.3, rand.3, resolver.3, sigpause.3, sigwait.3, strtol.3, sysconf.3, ttyslot.3, unlocked_stdio.3, unlockpt.3, capabilities.7, cgroup_namespaces.7, inode.7, man.7, pipe.7, sigevent.7: tstamp 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2017-07-13 14:22:45 +02:00
Michael Kerrisk baaf65e88a seccomp.2: Minor tweaks to Mike's patch 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2017-07-05 10:46:44 +02:00
Mike Frysinger 089761d56d seccomp(2): Expand SECCOMP_RET_KILL documentation 
First clarify that the process cannot catch this SIGSYS signal.
While the text currently says that, it's easy (IMO) to read
ambiguously and that it's referring to default behavior (no
handler -> process exits).

Then add details regarding coredump behavior.  Before Linux 4.11,
there was no way to get coredumps from such crashes.  Now we can
at least get crashes from single threaded processes.

Signed-off-by: Mike Frysinger <vapier@chromium.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2017-07-05 10:41:53 +02:00
Jakub Wilk 5465ae9568 futex.2, open_by_handle_at.2, seccomp.2, socket.2, console_codes.4, protocols.5, aio.7, capabilities.7, libc.7, netlink.7, raw.7, standards.7, unicode.7, uri.7, vdso.7: tfix 
Escape hyphens in URLs.

Signed-off-by: Jakub Wilk <jwilk@jwilk.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2017-01-30 08:33:49 +13:00
Michael Kerrisk 88f02af602 seccomp.2: NOTES: mention ptrace(PTRACE_SECCOMP_GET_FILTER) to dump seccomp filters 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2016-11-08 14:07:56 +01:00
Jann Horn 09481df399 seccomp.2: Document changed interaction with ptrace 
Signed-off-by: Jann Horn <jann@thejh.net>
 2016-11-06 13:19:55 -07:00
Michael Kerrisk b8efb41432 memusage.1, memusagestat.1, pldd.1, accept.2, adjtimex.2, arch_prctl.2, bdflush.2, bpf.2, close.2, epoll_ctl.2, epoll_wait.2, execve.2, execveat.2, fanotify_init.2, fanotify_mark.2, fcntl.2, fsync.2, get_kernel_syms.2, getdomainname.2, getgroups.2, gethostname.2, getrandom.2, getrlimit.2, getrusage.2, getsid.2, getunwind.2, io_getevents.2, ioctl_fat.2, kexec_load.2, killpg.2, listxattr.2, lseek.2, madvise.2, memfd_create.2, mknod.2, mlock.2, modify_ldt.2, msgctl.2, msgget.2, msgop.2, readlink.2, readv.2, reboot.2, recvmmsg.2, rename.2, request_key.2, restart_syscall.2, sched_setaffinity.2, sched_setattr.2, sched_setparam.2, seccomp.2, select_tut.2, semctl.2, semget.2, semop.2, set_thread_area.2, seteuid.2, setgid.2, setpgid.2, setresuid.2, setreuid.2, setsid.2, setuid.2, shmctl.2, shmget.2, shmop.2, sigaction.2, sigprocmask.2, stat.2, symlink.2, syscall.2, sysctl.2, unlink.2, bindresvport.3, byteorder.3, dlopen.3, endian.3, error.3, ffs.3, fmemopen.3, getcwd.3, getlogin.3, getnetent.3, getprotoent.3, getservent.3, getumask.3, getutent.3, glob.3, isalpha.3, lio_listio.3, login.3, mbsinit.3, mbstowcs.3, mbtowc.3, mkstemp.3, nextup.3, ntp_gettime.3, posix_fallocate.3, posix_spawn.3, pthread_join.3, pthread_rwlockattr_setkind_np.3, random.3, rcmd.3, realpath.3, resolver.3, setjmp.3, setnetgrent.3, sigvec.3, strerror.3, strverscmp.3, system.3, toupper.3, towlower.3, towupper.3, wcstombs.3, wordexp.3, cciss.4, loop.4, mouse.4, random.4, core.5, group.5, hosts.5, resolv.conf.5, ascii.7, environ.7, epoll.7, glob.7, ip.7, mq_overview.7, packet.7, pipe.7, raw.7, sched.7, signal.7, socket.7, symlink.7, ld.so.8, sln.8: tstamp 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2016-10-08 14:08:23 +02:00
Michael Kerrisk be8f12726e seccomp.2: CAP_SYS_ADMIN is required only in caller's user namespace 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2016-09-12 16:54:28 +01:00
Michael Kerrisk bf7bc8b898 arch_prctl.2, execveat.2, fanotify_mark.2, fcntl.2, fork.2, madvise.2, mknod.2, mmap.2, modify_ldt.2, mount.2, open.2, prctl.2, ptrace.2, restart_syscall.2, seccomp.2, semop.2, set_thread_area.2, symlink.2, umount.2, unlink.2, error.3, getnetent.3, getprotoent.3, getservent.3, getutent.3, glob.3, login.3, setjmp.3, setnetgrent.3, wordexp.3, epoll.7: Remove section number from page self reference 
Fix places where pages refer to the function that they describe
and include a section number in that reference. Such references
cause some HTML-rendering tools to create self-references in the
page.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2016-08-08 05:54:12 +10:00
Michael Kerrisk 6f3c74a8b9 mremap.2, open.2, perf_event_open.2, prctl.2, ptrace.2, reboot.2, seccomp.2, signalfd.2, syscalls.2, __ppc_set_ppr_med.3, daemon.3, dirfd.3, fgetgrent.3, fgetpwent.3, getauxval.3, getspnam.3, mallinfo.3, mallopt.3, posix_fallocate.3, termios.3, tty_ioctl.4, core.5, nsswitch.conf.5, proc.5, aio.7, capabilities.7, path_resolution.7, pipe.7, rtld-audit.7, signal.7, tcp.7: tstamp 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2015-12-05 10:46:28 +01:00
Michael Kerrisk d74503a55a seccomp.2: Note why all filters in a set are executed even after SECCOMP_RET_KILL 
Reported-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2015-09-05 09:00:02 +02:00
Michael Kerrisk 755a656a49 seccomp.2: wfix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2015-09-05 08:51:37 +02:00
Michael Kerrisk 712551eaad seccomp.2: Describe use of 'instruction_pointer' data field 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2015-09-05 08:43:31 +02:00
Michael Kerrisk 944a31e27f seccomp.2: wfix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2015-09-05 08:31:14 +02:00
Michael Kerrisk ccc70c8135 seccomp.2: SEE ALSO: add scmp_sys_resolver(1) 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2015-08-08 13:44:20 +02:00
Michael Kerrisk ca6f43fc0e seccomp.2: SEE ALSO: mention libseccomp pages 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2015-08-08 10:32:18 +02:00
Michael Kerrisk 8cc4d07100 Removed trailing white space at end of lines 2015-07-23 16:15:22 +02:00
Michael Kerrisk 5722c835ab intro.1, locale.1, _exit.2, access.2, bpf.2, brk.2, capget.2, chmod.2, chroot.2, clock_getres.2, clone.2, eventfd.2, fallocate.2, fork.2, getgroups.2, gethostname.2, getpid.2, getpriority.2, getrlimit.2, getrusage.2, gettid.2, iopl.2, ioprio_set.2, killpg.2, mlock.2, mprotect.2, perf_event_open.2, poll.2, posix_fadvise.2, pread.2, ptrace.2, read.2, readv.2, recv.2, rename.2, sched_setaffinity.2, sched_setattr.2, seccomp.2, select.2, send.2, seteuid.2, setgid.2, setresuid.2, setreuid.2, setuid.2, sigaltstack.2, signalfd.2, sigpending.2, sigprocmask.2, sigreturn.2, sigsuspend.2, sigwaitinfo.2, socket.2, stat.2, timer_create.2, uname.2, utimensat.2, wait.2, wait4.2, write.2, MB_LEN_MAX.3, __ppc_get_timebase.3, clearenv.3, dl_iterate_phdr.3, error.3, fexecve.3, fpurge.3, fread.3, fts.3, getaddrinfo.3, getaddrinfo_a.3, getauxval.3, getgrent_r.3, gethostbyname.3, getifaddrs.3, getnameinfo.3, getnetent_r.3, getprotoent.3, getprotoent_r.3, getpw.3, getpwent_r.3, getrpcent.3, getrpcent_r.3, getrpcport.3, getservent.3, getservent_r.3, gsignal.3, key_setsecret.3, malloc_get_state.3, malloc_info.3, malloc_stats.3, malloc_trim.3, memcpy.3, mq_notify.3, mq_open.3, perror.3, profil.3, psignal.3, pthread_attr_init.3, pthread_attr_setaffinity_np.3, pthread_cancel.3, pthread_cleanup_push.3, pthread_create.3, pthread_detach.3, pthread_getattr_np.3, pthread_join.3, pthread_setname_np.3, pthread_tryjoin_np.3, putgrent.3, rcmd.3, rpc.3, rpmatch.3, sem_close.3, sem_open.3, setaliasent.3, shm_open.3, sigqueue.3, strfmon.3, xcrypt.3, xdr.3, console_codes.4, null.4, core.5, host.conf.5, hosts.equiv.5, locale.5, repertoiremap.5, locale.7, man-pages.7, pty.7, rtld-audit.7, sched.7, vdso.7: tstamp 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2015-07-23 16:12:28 +02:00
Michael Kerrisk 00eaa6aaae seccomp.2: SEE ALSO: add bpf(2) 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2015-07-23 15:37:27 +02:00
Michael Kerrisk fe56ce1c5f seccomp.2: wfix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2015-07-13 14:06:24 +02:00
Michael Kerrisk 3c5ab7703e seccomp.2: srcfix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2015-07-03 12:40:48 +02:00
Michael Kerrisk 85fbef7408 prctl.2, seccomp.2: Clarify that SECCOMP_SET_MODE_STRICT disallows exit_group(2) 
These days, glibc implements _exit() as a wrapper around
exit_group(2). (When seccomp was originally introduced, this was
not the case.) Give the reader a clue that, despite what glibc is
doing, what SECCOMP_SET_MODE_STRICT permits is the true _exit(2)
system call, and not exit_group(2).

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2015-07-03 12:40:16 +02:00
Michael Kerrisk 7a79bb301a seccomp.2: tfix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2015-06-30 13:29:23 +02:00
Michael Kerrisk e9855ef2f7 seccomp.2: ffix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2015-06-30 13:29:00 +02:00
Michael Kerrisk 65cfc71220 seccomp.2: tfix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2015-06-30 13:28:10 +02:00
Michael Kerrisk ef5a2800f7 seccomp.2: srcfix 
Reported-by: Sam Varshavchik <mrsam@courier-mta.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2015-05-08 16:13:42 +02:00
Michael Kerrisk 1a7e5113c6 seccomp.2: Note that seccomp_data is read-only 
Reported-by: Pierre Chifflier <pollux@debian.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2015-04-19 09:33:38 +02:00
Michael Kerrisk 0582770c52 seccomp.2: ffix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2015-04-11 08:46:26 +02:00
Michael Kerrisk 1e64c86bbf intro.1, ldd.1, clone.2, getgroups.2, getpid.2, getsockopt.2, ioctl_list.2, msgop.2, open.2, seccomp.2, setgid.2, setresuid.2, setreuid.2, setuid.2, sigaction.2, sigpending.2, sigprocmask.2, sigreturn.2, sigsuspend.2, sigwaitinfo.2, socket.2, syscall.2, syscalls.2, umount.2, clock.3, dlopen.3, fmemopen.3, fpathconf.3, fputwc.3, fputws.3, fseek.3, fseeko.3, gcvt.3, getline.3, getwchar.3, hypot.3, if_nameindex.3, initgroups.3, popen.3, resolver.3, strcoll.3, strdup.3, tzset.3, ulimit.3, wcstombs.3, wctob.3, xdr.3, console_codes.4, random.4, filesystems.5, host.conf.5, hosts.5, proc.5, resolv.conf.5, securetty.5, credentials.7, feature_test_macros.7, hier.7, ipv6.7, packet.7, pthreads.7, raw.7, signal.7, tcp.7, user_namespaces.7, ld.so.8, ldconfig.8: tstamp 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2015-03-29 22:30:09 +02:00
Michael Kerrisk 37daa840af seccomp.2: Minor edits to Jann Horn's patch 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2015-03-29 18:09:56 +02:00
Jann Horn b44088b44f seccomp.2: Explain blacklisting problems, expand example 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2015-03-29 17:52:09 +02:00
Michael Kerrisk 65be1b46fb seccomp.2: Minor fixes to Jann Horn's patch 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2015-03-22 20:25:10 +01:00
Jann Horn bec56ee2bb seccomp.2: Add note about alarm(2) not being sufficient to limit runtime 
On Wed, Mar 11, 2015 at 10:43:50PM +0100, Mikael Pettersson wrote:
> Jann Horn writes:
>  > Or should I throw this patch away and write a patch
>  > for the prctl() manpage instead that documents that
>  > being able to call sigreturn() implies being able to
>  > effectively call sigprocmask(), at least on some
>  > architectures like X86?
>
> Well, that is the semantics of sigreturn().  It is essentially
> setcontext() [which includes the actions of sigprocmask()], but
> with restrictions on parameter placement (at least on x86).
>
> You could introduce some setting to restrict that aspect for
> seccomp processes, but you can't change this for normal processes
> without breaking things.

Then I think it's probably better and easier to just document the
existing behavior? If a new setting would have to be introduced
and developers would need to be aware of that, it's probably
easier to just tell everyone to use SIGKILL.

Acked-by: Kees Cook <keescook@chromium.org>
Acked-by: Mikael Pettersson <mikpelinux@gmail.com>
Acked-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2015-03-22 20:25:03 +01:00
Michael Kerrisk aea38298b3 seccomp.2: Add mention of libseccomp 
Reported-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2015-03-15 09:51:44 +01:00
Michael Kerrisk 71bb61ecf6 seccomp.2: tfix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2015-03-10 10:47:22 +01:00
Kees Cook 3b4a59c4b5 ptrace.2, sigaction.2, seccomp.2: Ptrace and siginfo details 
While writing some additional seccomp tests, I realized
PTRACE_EVENT_SECCOMP wasn't documented yet. Fixed this, and added
additional notes related to ptrace events SIGTRAP details.

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2015-01-18 12:04:32 +01:00
Michael Kerrisk dff539545a seccomp.2: ffix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2015-01-16 07:55:21 +01:00
Michael Kerrisk 1ac80024c9 perf_event_open.2, seccomp.2, setns.2, shmget.2, memchr.3, pthread_tryjoin_np.3, strstr.3, random.4, epoll.7, netlink.7, pid_namespaces.7, tcp.7: tstamp 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2015-01-10 16:05:01 +01:00
Michael Kerrisk 5ac5e03b0d seccomp.2: srcfix: Remove a FIXME 
Quoting Daniel's response to my FIXME

> Still hoping to hear from Will Drewy regarding this FIXME in the
> page source:
>
> .\" FIXME What is the significance of the line
> .\"           ftest->code = BPF_LDX | BPF_W | BPF_ABS;
> .\"       in kernel/seccomp.c::seccomp_check_filter()?

This came in from our rework via commit bd4cf0ed331a ("net: filter:
rework/optimize internal BPF interpreter's instruction set"), and
is kernel-internal only, and unused in classic BPF. It translates
into A = *(u32 *) (ctx + K) and will basically load an offset from
the populated seccomp_data (= ctx) to A. For the man-page itself
it has therefore no relevance, hope that clarifies it.

Reviewed-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2015-01-10 09:38:10 +01:00
Michael Kerrisk a79566fba6 seccomp.2: wfix 
Revert a wording change, as suggested by Kees Cook.

Reported-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2015-01-10 09:38:10 +01:00
Michael Kerrisk 1367a60afb seccomp.2: A process's seccomp mode is viewable via /proc/PID/status "Seccomp" 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2015-01-10 09:38:10 +01:00
Michael Kerrisk 068653012c seccomp.2: Changes after review feedback by Kees Cook 
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2015-01-10 09:38:10 +01:00
Michael Kerrisk 36931cfc80 seccomp.2: srcfx: Add FIXME 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2015-01-10 09:38:10 +01:00
Michael Kerrisk ef05ec712f seccomp.2: Minor fix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2015-01-10 09:38:10 +01:00
Michael Kerrisk 699996321d seccomp.2: Tweak an argument name 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2015-01-10 09:38:10 +01:00
Michael Kerrisk 6426723630 seccomp.2: EXAMPLE: Expand comments in the BPF program 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2015-01-10 09:38:10 +01:00
Michael Kerrisk 86ae10e3bd seccomp.2: Rename arguments inside example program 
Rename the arguments to install_filter() to improve readability
a little and to remove a little ambiguity. In particular, rename
'arch' to 't_arch' so that it does not get confused with the
seccomp_data field of the same name.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2015-01-10 09:38:10 +01:00
Michael Kerrisk cecc8c48ba seccomp.2: Add subsection on seccomp-specific BPF details 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2015-01-10 09:38:10 +01:00
Michael Kerrisk 93b9a9eeff seccomp.2: ffix 
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 2015-01-10 09:38:10 +01:00