mirror of https://github.com/mkerrisk/man-pages
Compare commits
2 Commits
e186261405
...
ae6b221882
Author | SHA1 | Date
---|---|---
Michael Kerrisk | ae6b221882 |
Michael Kerrisk | 2da936fe2b |
71
man2/prctl.2
|
@ -1135,72 +1135,48 @@ the available system calls.
|
||||||
The more recent
|
The more recent
|
||||||
.BR seccomp (2)
|
.BR seccomp (2)
|
||||||
system call provides a superset of the functionality of
|
system call provides a superset of the functionality of
|
||||||
.BR PR_SET_SECCOMP .
|
.BR PR_SET_SECCOMP ,
|
||||||
|
and is the preferred interface for new applications.
|
||||||
.IP
|
.IP
|
||||||
The seccomp mode is selected via
|
The seccomp mode is selected via
|
||||||
.IR arg2 .
|
.IR arg2 .
|
||||||
(The seccomp constants are defined in
|
(The seccomp constants are defined in
|
||||||
.IR <linux/seccomp.h> .)
|
.IR <linux/seccomp.h> .)
|
||||||
|
The following values can be specified:
|
||||||
|
.RS
|
||||||
|
.TP
|
||||||
|
.BR SECCOMP_MODE_STRICT " (since Linux 2.6.23)"
|
||||||
|
See the description of
|
||||||
|
.B SECCOMP_SET_MODE_STRICT
|
||||||
|
in
|
||||||
|
.BR seccomp (2).
|
||||||
.IP
|
.IP
|
||||||
With
|
|
||||||
.IR arg2
|
|
||||||
set to
|
|
||||||
.BR SECCOMP_MODE_STRICT ,
|
|
||||||
the only system calls that the thread is permitted to make are
|
|
||||||
.BR read (2),
|
|
||||||
.BR write (2),
|
|
||||||
.BR _exit (2)
|
|
||||||
(but not
|
|
||||||
.BR exit_group (2)),
|
|
||||||
and
|
|
||||||
.BR sigreturn (2).
|
|
||||||
Other system calls result in the delivery of a
|
|
||||||
.BR SIGKILL
|
|
||||||
signal.
|
|
||||||
Strict secure computing mode is useful for number-crunching applications
|
|
||||||
that may need to execute untrusted byte code,
|
|
||||||
perhaps obtained by reading from a pipe or socket.
|
|
||||||
This operation is available only
|
This operation is available only
|
||||||
if the kernel is configured with
|
if the kernel is configured with
|
||||||
.B CONFIG_SECCOMP
|
.B CONFIG_SECCOMP
|
||||||
enabled.
|
enabled.
|
||||||
.IP
|
.TP
|
||||||
With
|
.BR SECCOMP_MODE_FILTER " (since Linux 3.5)"
|
||||||
.IR arg2
|
The allowed system calls are defined by a pointer
|
||||||
set to
|
|
||||||
.BR SECCOMP_MODE_FILTER " (since Linux 3.5),"
|
|
||||||
the system calls allowed are defined by a pointer
|
|
||||||
to a Berkeley Packet Filter passed in
|
to a Berkeley Packet Filter passed in
|
||||||
.IR arg3 .
|
.IR arg3 .
|
||||||
This argument is a pointer to
|
This argument is a pointer to
|
||||||
.IR "struct sock_fprog" ;
|
.IR "struct sock_fprog" ;
|
||||||
it can be designed to filter
|
it can be designed to filter
|
||||||
arbitrary system calls and system call arguments.
|
arbitrary system calls and system call arguments.
|
||||||
This mode is available only if the kernel is configured with
|
See the description of
|
||||||
|
.B SECCOMP_SET_MODE_FILTER
|
||||||
|
in
|
||||||
|
.BR seccomp (2).
|
||||||
|
.IP
|
||||||
|
This operation is available only
|
||||||
|
if the kernel is configured with
|
||||||
.B CONFIG_SECCOMP_FILTER
|
.B CONFIG_SECCOMP_FILTER
|
||||||
enabled.
|
enabled.
|
||||||
|
.RE
|
||||||
.IP
|
.IP
|
||||||
If
|
For further details on seccomp filtering, see
|
||||||
.BR SECCOMP_MODE_FILTER
|
.BR seccomp (2).
|
||||||
filters permit
|
|
||||||
.BR fork (2),
|
|
||||||
then the seccomp mode is inherited by children created by
|
|
||||||
.BR fork (2);
|
|
||||||
if
|
|
||||||
.BR execve (2)
|
|
||||||
is permitted, then the seccomp mode is preserved across
|
|
||||||
.BR execve (2).
|
|
||||||
If the filters permit
|
|
||||||
.BR prctl ()
|
|
||||||
calls, then additional filters can be added;
|
|
||||||
they are run in order until the first non-allow result is seen.
|
|
||||||
.IP
|
|
||||||
For further information, see the kernel source file
|
|
||||||
.IR Documentation/userspace\-api/seccomp_filter.rst
|
|
||||||
.\" commit c061f33f35be0ccc80f4b8e0aea5dfd2ed7e01a3
|
|
||||||
(or
|
|
||||||
.IR Documentation/prctl/seccomp_filter.txt
|
|
||||||
before Linux 4.13).
|
|
||||||
.\" prctl PR_GET_SECCOMP
|
.\" prctl PR_GET_SECCOMP
|
||||||
.TP
|
.TP
|
||||||
.BR PR_GET_SECCOMP " (since Linux 2.6.23)"
|
.BR PR_GET_SECCOMP " (since Linux 2.6.23)"
|
||||||
|
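Review bot: the left column removes three security-relevant details that the right column replaces only with "See the description of SECCOMP_SET_MODE_STRICT/SECCOMP_SET_MODE_FILTER in seccomp(2)": the strict-mode allow list (read(2), write(2), _exit(2) but not exit_group(2), and sigreturn(2)) together with the SIGKILL consequence for any other call; the paragraph stating that the seccomp mode is inherited across fork(2) and preserved across execve(2) when the filters permit those calls; and the note that additional filters added via prctl() are run in order until the first non-allow result. Confirm that seccomp(2) actually states each of these before deleting them here; if any is missing there, either keep that sentence in this page or add it to seccomp(2) in the same change. The pointer to the kernel source file Documentation/userspace\-api/seccomp_filter.rst (and its pre-4.13 path) is dropped as well and should survive in seccomp(2) or stay here. Structurally the hunk is fine: the new .RS list is closed by .RE, and the two .TP entries mirror each other, each ending with its own CONFIG_SECCOMP / CONFIG_SECCOMP_FILTER availability paragraph.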
@ -1216,6 +1192,7 @@ If the caller is in filter mode, and this system call is allowed by the
|
||||||
seccomp filters, it returns 2; otherwise, the process is killed with a
|
seccomp filters, it returns 2; otherwise, the process is killed with a
|
||||||
.BR SIGKILL
|
.BR SIGKILL
|
||||||
signal.
|
signal.
|
||||||
|
.IP
|
||||||
This operation is available only
|
This operation is available only
|
||||||
if the kernel is configured with
|
if the kernel is configured with
|
||||||
.B CONFIG_SECCOMP
|
.B CONFIG_SECCOMP
|
||||||
|
|
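Review bot: the only change is the added .IP before the CONFIG_SECCOMP availability sentence under PR_GET_SECCOMP, which matches the paragraphing the same sentence receives in the edited PR_SET_SECCOMP entries in the previous hunk; consistent, no change needed.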