Michael Kerrisk
dbfe9c700e
_syscall.2, clock_getres.2, clone.2, copy_file_range.2, create_module.2, delete_module.2, fallocate.2, futex.2, get_kernel_syms.2, get_robust_list.2, getcpu.2, getdents.2, gettid.2, gettimeofday.2, getunwind.2, init_module.2, io_cancel.2, io_destroy.2, io_getevents.2, io_setup.2, io_submit.2, ioctl_userfaultfd.2, ioprio_set.2, kcmp.2, kexec_load.2, keyctl.2, link.2, llseek.2, memfd_create.2, mmap.2, mq_getsetattr.2, msgctl.2, msgget.2, open_by_handle_at.2, outb.2, perf_event_open.2, pivot_root.2, process_vm_readv.2, query_module.2, readdir.2, recvmmsg.2, rename.2, request_key.2, restart_syscall.2, rt_sigqueueinfo.2, s390_pci_mmio_write.2, s390_runtime_instr.2, sched_setattr.2, seccomp.2, select.2, select_tut.2, send.2, sendmmsg.2, set_thread_area.2, set_tid_address.2, sgetmask.2, shmop.2, sigaction.2, sigprocmask.2, splice.2, spu_create.2, spu_run.2, statx.2, subpage_prot.2, sync_file_range.2, syscall.2, sysctl.2, sysfs.2, tee.2, timer_create.2, timer_delete.2, timer_getoverrun.2, timer_settime.2, tkill.2, uselib.2, utimensat.2, vmsplice.2, wait.2, aio_init.3, asinh.3, atan2.3, atanh.3, backtrace.3, basename.3, bswap.3, bzero.3, catgets.3, catopen.3, dladdr.3, dlsym.3, endian.3, envz_add.3, erf.3, erfc.3, error.3, ferror.3, ffs.3, fgetc.3, fmemopen.3, fopen.3, fopencookie.3, fseek.3, ftw.3, futimes.3, getdate.3, getenv.3, getline.3, getlogin.3, getrpcent.3, getsubopt.3, getutmp.3, getw.3, gnu_get_libc_version.3, inet_net_pton.3, isalpha.3, lio_listio.3, makedev.3, malloc_get_state.3, malloc_stats.3, malloc_trim.3, malloc_usable_size.3, matherr.3, memchr.3, nextup.3, ntp_gettime.3, posix_madvise.3, program_invocation_name.3, pthread_atfork.3, pthread_attr_setaffinity_np.3, pthread_attr_setdetachstate.3, pthread_attr_setguardsize.3, pthread_attr_setinheritsched.3, pthread_attr_setschedparam.3, pthread_attr_setschedpolicy.3, pthread_attr_setscope.3, pthread_attr_setstack.3, pthread_attr_setstackaddr.3, pthread_attr_setstacksize.3, pthread_cleanup_push_defer_np.3, pthread_detach.3, pthread_equal.3, pthread_exit.3, pthread_join.3, pthread_kill.3, pthread_kill_other_threads_np.3, pthread_rwlockattr_setkind_np.3, pthread_self.3, pthread_setcancelstate.3, pthread_setconcurrency.3, pthread_setschedprio.3, pthread_testcancel.3, pthread_tryjoin_np.3, pthread_yield.3, puts.3, random.3, random_r.3, rpc.3, sched_getcpu.3, setnetgrent.3, sigwait.3, stdin.3, strerror.3, strfmon.3, timeradd.3, tmpnam.3, toupper.3, towlower.3, towupper.3, ttyname.3, uselocale.3, xdr.3, dsp56k.4, sigevent.7, vdso.7: ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-15 19:39:04 +02:00
Michael Kerrisk
f55a6d598d
Changes, ldd.1, chown.2, epoll_wait.2, get_mempolicy.2, ioctl_getfsmap.2, madvise.2, membarrier.2, mount.2, pipe.2, readv.2, seccomp.2, sigaltstack.2, splice.2, tee.2, timer_create.2, vmsplice.2, acosh.3, asinh.3, atanh.3, bsd_signal.3, dl_iterate_phdr.3, dlsym.3, flockfile.3, fpathconf.3, ftw.3, getaddrinfo.3, getcontext.3, getgrent.3, if_nametoindex.3, malloc.3, nl_langinfo.3, posix_madvise.3, ptsname.3, rand.3, resolver.3, sigpause.3, sigwait.3, strtol.3, sysconf.3, ttyslot.3, unlocked_stdio.3, unlockpt.3, capabilities.7, cgroup_namespaces.7, inode.7, man.7, pipe.7, sigevent.7: tstamp
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-07-13 14:22:45 +02:00
Michael Kerrisk
baaf65e88a
seccomp.2: Minor tweaks to Mike's patch
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-07-05 10:46:44 +02:00
Mike Frysinger
089761d56d
seccomp(2): Expand SECCOMP_RET_KILL documentation
...
First clarify that the process cannot catch this SIGSYS signal.
While the text currently says that, it's easy (IMO) to read
ambiguously and that it's referring to default behavior (no
handler -> process exits).
Then add details regarding coredump behavior. Before Linux 4.11,
there was no way to get coredumps from such crashes. Now we can
at least get crashes from single threaded processes.
Signed-off-by: Mike Frysinger <vapier@chromium.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-07-05 10:41:53 +02:00
Jakub Wilk
5465ae9568
futex.2, open_by_handle_at.2, seccomp.2, socket.2, console_codes.4, protocols.5, aio.7, capabilities.7, libc.7, netlink.7, raw.7, standards.7, unicode.7, uri.7, vdso.7: tfix
...
Escape hyphens in URLs.
Signed-off-by: Jakub Wilk <jwilk@jwilk.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-01-30 08:33:49 +13:00
Michael Kerrisk
88f02af602
seccomp.2: NOTES: mention ptrace(PTRACE_SECCOMP_GET_FILTER) to dump seccomp filters
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-11-08 14:07:56 +01:00
Jann Horn
09481df399
seccomp.2: Document changed interaction with ptrace
...
Signed-off-by: Jann Horn <jann@thejh.net>
2016-11-06 13:19:55 -07:00
Michael Kerrisk
b8efb41432
memusage.1, memusagestat.1, pldd.1, accept.2, adjtimex.2, arch_prctl.2, bdflush.2, bpf.2, close.2, epoll_ctl.2, epoll_wait.2, execve.2, execveat.2, fanotify_init.2, fanotify_mark.2, fcntl.2, fsync.2, get_kernel_syms.2, getdomainname.2, getgroups.2, gethostname.2, getrandom.2, getrlimit.2, getrusage.2, getsid.2, getunwind.2, io_getevents.2, ioctl_fat.2, kexec_load.2, killpg.2, listxattr.2, lseek.2, madvise.2, memfd_create.2, mknod.2, mlock.2, modify_ldt.2, msgctl.2, msgget.2, msgop.2, readlink.2, readv.2, reboot.2, recvmmsg.2, rename.2, request_key.2, restart_syscall.2, sched_setaffinity.2, sched_setattr.2, sched_setparam.2, seccomp.2, select_tut.2, semctl.2, semget.2, semop.2, set_thread_area.2, seteuid.2, setgid.2, setpgid.2, setresuid.2, setreuid.2, setsid.2, setuid.2, shmctl.2, shmget.2, shmop.2, sigaction.2, sigprocmask.2, stat.2, symlink.2, syscall.2, sysctl.2, unlink.2, bindresvport.3, byteorder.3, dlopen.3, endian.3, error.3, ffs.3, fmemopen.3, getcwd.3, getlogin.3, getnetent.3, getprotoent.3, getservent.3, getumask.3, getutent.3, glob.3, isalpha.3, lio_listio.3, login.3, mbsinit.3, mbstowcs.3, mbtowc.3, mkstemp.3, nextup.3, ntp_gettime.3, posix_fallocate.3, posix_spawn.3, pthread_join.3, pthread_rwlockattr_setkind_np.3, random.3, rcmd.3, realpath.3, resolver.3, setjmp.3, setnetgrent.3, sigvec.3, strerror.3, strverscmp.3, system.3, toupper.3, towlower.3, towupper.3, wcstombs.3, wordexp.3, cciss.4, loop.4, mouse.4, random.4, core.5, group.5, hosts.5, resolv.conf.5, ascii.7, environ.7, epoll.7, glob.7, ip.7, mq_overview.7, packet.7, pipe.7, raw.7, sched.7, signal.7, socket.7, symlink.7, ld.so.8, sln.8: tstamp
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-10-08 14:08:23 +02:00
Michael Kerrisk
be8f12726e
seccomp.2: CAP_SYS_ADMIN is required only in caller's user namespace
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-09-12 16:54:28 +01:00
Michael Kerrisk
bf7bc8b898
arch_prctl.2, execveat.2, fanotify_mark.2, fcntl.2, fork.2, madvise.2, mknod.2, mmap.2, modify_ldt.2, mount.2, open.2, prctl.2, ptrace.2, restart_syscall.2, seccomp.2, semop.2, set_thread_area.2, symlink.2, umount.2, unlink.2, error.3, getnetent.3, getprotoent.3, getservent.3, getutent.3, glob.3, login.3, setjmp.3, setnetgrent.3, wordexp.3, epoll.7: Remove section number from page self reference
...
Fix places where pages refer to the function that they describe
and include a section number in that reference. Such references
cause some HTML-rendering tools to create self-references in the
page.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-08-08 05:54:12 +10:00
Michael Kerrisk
6f3c74a8b9
mremap.2, open.2, perf_event_open.2, prctl.2, ptrace.2, reboot.2, seccomp.2, signalfd.2, syscalls.2, __ppc_set_ppr_med.3, daemon.3, dirfd.3, fgetgrent.3, fgetpwent.3, getauxval.3, getspnam.3, mallinfo.3, mallopt.3, posix_fallocate.3, termios.3, tty_ioctl.4, core.5, nsswitch.conf.5, proc.5, aio.7, capabilities.7, path_resolution.7, pipe.7, rtld-audit.7, signal.7, tcp.7: tstamp
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-12-05 10:46:28 +01:00
Michael Kerrisk
d74503a55a
seccomp.2: Note why all filters in a set are executed even after SECCOMP_RET_KILL
...
Reported-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-09-05 09:00:02 +02:00
Michael Kerrisk
755a656a49
seccomp.2: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-09-05 08:51:37 +02:00
Michael Kerrisk
712551eaad
seccomp.2: Describe use of 'instruction_pointer' data field
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-09-05 08:43:31 +02:00
Michael Kerrisk
944a31e27f
seccomp.2: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-09-05 08:31:14 +02:00
Michael Kerrisk
ccc70c8135
seccomp.2: SEE ALSO: add scmp_sys_resolver(1)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-08-08 13:44:20 +02:00
Michael Kerrisk
ca6f43fc0e
seccomp.2: SEE ALSO: mention libseccomp pages
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-08-08 10:32:18 +02:00
Michael Kerrisk
8cc4d07100
Removed trailing white space at end of lines
2015-07-23 16:15:22 +02:00
Michael Kerrisk
5722c835ab
intro.1, locale.1, _exit.2, access.2, bpf.2, brk.2, capget.2, chmod.2, chroot.2, clock_getres.2, clone.2, eventfd.2, fallocate.2, fork.2, getgroups.2, gethostname.2, getpid.2, getpriority.2, getrlimit.2, getrusage.2, gettid.2, iopl.2, ioprio_set.2, killpg.2, mlock.2, mprotect.2, perf_event_open.2, poll.2, posix_fadvise.2, pread.2, ptrace.2, read.2, readv.2, recv.2, rename.2, sched_setaffinity.2, sched_setattr.2, seccomp.2, select.2, send.2, seteuid.2, setgid.2, setresuid.2, setreuid.2, setuid.2, sigaltstack.2, signalfd.2, sigpending.2, sigprocmask.2, sigreturn.2, sigsuspend.2, sigwaitinfo.2, socket.2, stat.2, timer_create.2, uname.2, utimensat.2, wait.2, wait4.2, write.2, MB_LEN_MAX.3, __ppc_get_timebase.3, clearenv.3, dl_iterate_phdr.3, error.3, fexecve.3, fpurge.3, fread.3, fts.3, getaddrinfo.3, getaddrinfo_a.3, getauxval.3, getgrent_r.3, gethostbyname.3, getifaddrs.3, getnameinfo.3, getnetent_r.3, getprotoent.3, getprotoent_r.3, getpw.3, getpwent_r.3, getrpcent.3, getrpcent_r.3, getrpcport.3, getservent.3, getservent_r.3, gsignal.3, key_setsecret.3, malloc_get_state.3, malloc_info.3, malloc_stats.3, malloc_trim.3, memcpy.3, mq_notify.3, mq_open.3, perror.3, profil.3, psignal.3, pthread_attr_init.3, pthread_attr_setaffinity_np.3, pthread_cancel.3, pthread_cleanup_push.3, pthread_create.3, pthread_detach.3, pthread_getattr_np.3, pthread_join.3, pthread_setname_np.3, pthread_tryjoin_np.3, putgrent.3, rcmd.3, rpc.3, rpmatch.3, sem_close.3, sem_open.3, setaliasent.3, shm_open.3, sigqueue.3, strfmon.3, xcrypt.3, xdr.3, console_codes.4, null.4, core.5, host.conf.5, hosts.equiv.5, locale.5, repertoiremap.5, locale.7, man-pages.7, pty.7, rtld-audit.7, sched.7, vdso.7: tstamp
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-07-23 16:12:28 +02:00
Michael Kerrisk
00eaa6aaae
seccomp.2: SEE ALSO: add bpf(2)
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-07-23 15:37:27 +02:00
Michael Kerrisk
fe56ce1c5f
seccomp.2: wfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-07-13 14:06:24 +02:00
Michael Kerrisk
3c5ab7703e
seccomp.2: srcfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-07-03 12:40:48 +02:00
Michael Kerrisk
85fbef7408
prctl.2, seccomp.2: Clarify that SECCOMP_SET_MODE_STRICT disallows exit_group(2)
...
These days, glibc implements _exit() as a wrapper around
exit_group(2). (When seccomp was originally introduced, this was
not the case.) Give the reader a clue that, despite what glibc is
doing, what SECCOMP_SET_MODE_STRICT permits is the true _exit(2)
system call, and not exit_group(2).
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-07-03 12:40:16 +02:00
Michael Kerrisk
7a79bb301a
seccomp.2: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-06-30 13:29:23 +02:00
Michael Kerrisk
e9855ef2f7
seccomp.2: ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-06-30 13:29:00 +02:00
Michael Kerrisk
65cfc71220
seccomp.2: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-06-30 13:28:10 +02:00
Michael Kerrisk
ef5a2800f7
seccomp.2: srcfix
...
Reported-by: Sam Varshavchik <mrsam@courier-mta.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-05-08 16:13:42 +02:00
Michael Kerrisk
1a7e5113c6
seccomp.2: Note that seccomp_data is read-only
...
Reported-by: Pierre Chifflier <pollux@debian.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-04-19 09:33:38 +02:00
Michael Kerrisk
0582770c52
seccomp.2: ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-04-11 08:46:26 +02:00
Michael Kerrisk
1e64c86bbf
intro.1, ldd.1, clone.2, getgroups.2, getpid.2, getsockopt.2, ioctl_list.2, msgop.2, open.2, seccomp.2, setgid.2, setresuid.2, setreuid.2, setuid.2, sigaction.2, sigpending.2, sigprocmask.2, sigreturn.2, sigsuspend.2, sigwaitinfo.2, socket.2, syscall.2, syscalls.2, umount.2, clock.3, dlopen.3, fmemopen.3, fpathconf.3, fputwc.3, fputws.3, fseek.3, fseeko.3, gcvt.3, getline.3, getwchar.3, hypot.3, if_nameindex.3, initgroups.3, popen.3, resolver.3, strcoll.3, strdup.3, tzset.3, ulimit.3, wcstombs.3, wctob.3, xdr.3, console_codes.4, random.4, filesystems.5, host.conf.5, hosts.5, proc.5, resolv.conf.5, securetty.5, credentials.7, feature_test_macros.7, hier.7, ipv6.7, packet.7, pthreads.7, raw.7, signal.7, tcp.7, user_namespaces.7, ld.so.8, ldconfig.8: tstamp
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-29 22:30:09 +02:00
Michael Kerrisk
37daa840af
seccomp.2: Minor edits to Jann Horn's patch
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-29 18:09:56 +02:00
Jann Horn
b44088b44f
seccomp.2: Explain blacklisting problems, expand example
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-29 17:52:09 +02:00
Michael Kerrisk
65be1b46fb
seccomp.2: Minor fixes to Jann Horn's patch
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-22 20:25:10 +01:00
Jann Horn
bec56ee2bb
seccomp.2: Add note about alarm(2) not being sufficient to limit runtime
...
On Wed, Mar 11, 2015 at 10:43:50PM +0100, Mikael Pettersson wrote:
> Jann Horn writes:
> > Or should I throw this patch away and write a patch
> > for the prctl() manpage instead that documents that
> > being able to call sigreturn() implies being able to
> > effectively call sigprocmask(), at least on some
> > architectures like X86?
>
> Well, that is the semantics of sigreturn(). It is essentially
> setcontext() [which includes the actions of sigprocmask()], but
> with restrictions on parameter placement (at least on x86).
>
> You could introduce some setting to restrict that aspect for
> seccomp processes, but you can't change this for normal processes
> without breaking things.
Then I think it's probably better and easier to just document the
existing behavior? If a new setting would have to be introduced
and developers would need to be aware of that, it's probably
easier to just tell everyone to use SIGKILL.
Acked-by: Kees Cook <keescook@chromium.org>
Acked-by: Mikael Pettersson <mikpelinux@gmail.com>
Acked-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-22 20:25:03 +01:00
Michael Kerrisk
aea38298b3
seccomp.2: Add mention of libseccomp
...
Reported-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-15 09:51:44 +01:00
Michael Kerrisk
71bb61ecf6
seccomp.2: tfix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-03-10 10:47:22 +01:00
Kees Cook
3b4a59c4b5
ptrace.2, sigaction.2, seccomp.2: Ptrace and siginfo details
...
While writing some additional seccomp tests, I realized
PTRACE_EVENT_SECCOMP wasn't documented yet. Fixed this, and added
additional notes related to ptrace events SIGTRAP details.
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-18 12:04:32 +01:00
Michael Kerrisk
dff539545a
seccomp.2: ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-16 07:55:21 +01:00
Michael Kerrisk
1ac80024c9
perf_event_open.2, seccomp.2, setns.2, shmget.2, memchr.3, pthread_tryjoin_np.3, strstr.3, random.4, epoll.7, netlink.7, pid_namespaces.7, tcp.7: tstamp
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 16:05:01 +01:00
Michael Kerrisk
5ac5e03b0d
seccomp.2: srcfix: Remove a FIXME
...
Quoting Daniel's response to my FIXME
> Still hoping to hear from Will Drewy regarding this FIXME in the
> page source:
>
> .\" FIXME What is the significance of the line
> .\" ftest->code = BPF_LDX | BPF_W | BPF_ABS;
> .\" in kernel/seccomp.c::seccomp_check_filter()?
This came in from our rework via commit bd4cf0ed331a ("net: filter:
rework/optimize internal BPF interpreter's instruction set"), and
is kernel-internal only, and unused in classic BPF. It translates
into A = *(u32 *) (ctx + K) and will basically load an offset from
the populated seccomp_data (= ctx) to A. For the man-page itself
it has therefore no relevance, hope that clarifies it.
Reviewed-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:10 +01:00
Michael Kerrisk
a79566fba6
seccomp.2: wfix
...
Revert a wording change, as suggested by Kees Cook.
Reported-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:10 +01:00
Michael Kerrisk
1367a60afb
seccomp.2: A process's seccomp mode is viewable via /proc/PID/status "Seccomp"
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:10 +01:00
Michael Kerrisk
068653012c
seccomp.2: Changes after review feedback by Kees Cook
...
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:10 +01:00
Michael Kerrisk
36931cfc80
seccomp.2: srcfx: Add FIXME
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:10 +01:00
Michael Kerrisk
ef05ec712f
seccomp.2: Minor fix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:10 +01:00
Michael Kerrisk
699996321d
seccomp.2: Tweak an argument name
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:10 +01:00
Michael Kerrisk
6426723630
seccomp.2: EXAMPLE: Expand comments in the BPF program
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:10 +01:00
Michael Kerrisk
86ae10e3bd
seccomp.2: Rename arguments inside example program
...
Rename the arguments to install_filter() to improve readability
a little and to remove a little ambiguity. In particular, rename
'arch' to 't_arch' so that it does not get confused with the
seccomp_data field of the same name.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:10 +01:00
Michael Kerrisk
cecc8c48ba
seccomp.2: Add subsection on seccomp-specific BPF details
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:10 +01:00
Michael Kerrisk
93b9a9eeff
seccomp.2: ffix
...
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2015-01-10 09:38:10 +01:00