author: Michael Kerrisk <mtk.manpages@gmail.com> 2020-10-15 13:02:36 +0200
committer: Michael Kerrisk <mtk.manpages@gmail.com> 2020-10-15 13:06:36 +0200
commit: 4b6e3782e163bcc05ca2464647ce990af079feb7
tree: 345c6ecb39998453f59ad7ba750d104e12e3bb8b
parent: 025584732ff965ecadc119a3e63cc7f435a3f72a
download: man-pages-4b6e3782e163bcc05ca2464647ce990af079feb7.tar.gz

seccomp.2: Warn reader that SECCOMP_RET_TRACE can be overridden

Highlight to the reader that if another filter returns a
higher-precedence action value, then the ptracer will not be notified.

Reported-by: Jann Horn <jannh@google.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

-rw-r--r-- man2/seccomp.2 4
1 files changed, 4 insertions, 0 deletions
diff --git a/man2/seccomp.2 b/man2/seccomp.2
index 9d42f22f93..4cacbbde5d 100644
--- a/man2/seccomp.2
+++ b/man2/seccomp.2
@@ -606,6 +606,10 @@ allow use of
of other
sandboxed processes\(emwithout extreme care;
ptracers can use this mechanism to escape from the seccomp sandbox.)
+.IP
+Note that a tracer process will not be notified
+if another filter returns an action value with a precedence greater than
+.BR SECCOMP_RET_TRACE .
.TP
.BR SECCOMP_RET_LOG " (since Linux 4.14)"
.\" commit 59f5cf44a38284eb9e76270c786fb6cc62ef8ac4
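
Review bot: The new .IP paragraph under SECCOMP_RET_TRACE says the tracer is not notified when another filter returns a higher-precedence action value, but it does not say where that precedence order is defined or what happens to the system call in that case. Suggest cross-referencing wherever the page lists the action values in precedence order, and stating that the higher-precedence action is the one that takes effect. The preceding context already warns that ptracers need "extreme care", so a reader building a tracer-mediated sandbox should be told plainly that the tracer gets no indication it was skipped and cannot rely on SECCOMP_RET_TRACE alone to see every filtered call.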