| author | Alejandro Colomar <alx@kernel.org> | 2024-05-30 01:16:33 +0200 |
|---|---|---|
| committer | Alejandro Colomar <alx@kernel.org> | 2024-05-31 01:53:41 +0200 |
| commit | c70fbf2f26a61815ebd86666f180a448192cf2c9 (patch) | |
| tree | 6931bc2cae6baf53df0a5df9c8737030bcf561eb | |
| parent | 6d8e5a75fedd9ee91e338c058834bd436cc9efa6 (diff) | |
| download | man-pages-c70fbf2f26a61815ebd86666f180a448192cf2c9.tar.gz | |
PR_SET_SECCOMP.2const: Tweak after split
Signed-off-by: Alejandro Colomar <alx@kernel.org>
| -rw-r--r-- | man/man2const/PR_SET_SECCOMP.2const | 74 |
1 files changed, 27 insertions, 47 deletions
diff --git a/man/man2const/PR_SET_SECCOMP.2const b/man/man2const/PR_SET_SECCOMP.2const index 8af305468a..d78f48031a 100644 --- a/man/man2const/PR_SET_SECCOMP.2const +++ b/man/man2const/PR_SET_SECCOMP.2const @@ -1,11 +1,9 @@ .\" Copyright 2008, 2012, 2013, 2015, Michael Kerrisk <mtk.manpages@gmail.com> .\" Copyright 2012, Kees Cook <keescook@chromium.org> +.\" Copyright 2024, Alejandro Colomar <alx@kernel.org> .\" .\" SPDX-License-Identifier: Linux-man-pages-copyleft .\" -.\" 2008-06-15 mtk, Document PR_SET_SECCOMP -.\" 2012-09-20 Kees Cook, update PR_SET_SECCOMP for mode 2 -.\" .TH PR_SET_SECCOMP 2const (date) "Linux man-pages (unreleased)" .SH NAME PR_SET_SECCOMP @@ -18,28 +16,29 @@ Standard C library .nf .B #include <sys/prctl.h> .P -.BI "int prctl(int " op ", ...);" +.B [[deprecated]] +.BI "int prctl(PR_SET_SECCOMP, long " mode ", ...);" +.P +.B [[deprecated]] +.B int prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT, 0L, 0L, 0L); +.B [[deprecated]] +.B int prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, +.BI " struct sock_fprog *" filter ", 0L, 0L);" .fi .SH DESCRIPTION -.TP -.BR PR_SET_SECCOMP " (since Linux 2.6.23)" -.\" See http://thread.gmane.org/gmane.linux.kernel/542632 -.\" [PATCH 0 of 2] seccomp updates -.\" andrea@cpushare.com -Set the secure computing (seccomp) mode for the calling thread, to limit -the available system calls. +Set the secure computing (seccomp) mode for the calling thread, +to limit the available system calls. The more recent .BR seccomp (2) system call provides a superset of the functionality of .BR PR_SET_SECCOMP , and is the preferred interface for new applications. -.IP +.P The seccomp mode is selected via -.IR arg2 . -(The seccomp constants are defined in -.IR <linux/seccomp.h> .) +.IR mode . +The seccomp constants are defined in +.IR <linux/seccomp.h> . The following values can be specified: -.RS .TP .BR SECCOMP_MODE_STRICT " (since Linux 2.6.23)" See the description of 
@@ -55,10 +54,8 @@ enabled. .BR SECCOMP_MODE_FILTER " (since Linux 3.5)" The allowed system calls are defined by a pointer to a Berkeley Packet Filter passed in -.IR arg3 . -This argument is a pointer to -.IR "struct sock_fprog" ; -it can be designed to filter +.IR filter . +It can be designed to filter arbitrary system calls and system call arguments. See the description of .B SECCOMP_SET_MODE_FILTER @@ -69,10 +66,6 @@ This operation is available only if the kernel is configured with .B CONFIG_SECCOMP_FILTER enabled. -.RE -.IP -For further details on seccomp filtering, see -.BR seccomp (2). .SH RETURN VALUE On success, 0 is returned. @@ -82,11 +75,7 @@ is set to indicate the error. .SH ERRORS .TP .B EACCES -.I op -is -.B PR_SET_SECCOMP -and -.I arg2 +.I mode is .BR SECCOMP_MODE_FILTER , but the process does not have the @@ -97,36 +86,23 @@ attribute (see .BR PR_SET_NO_NEW_PRIVS (2const)). .TP .B EFAULT -.I op -is -.BR PR_SET_SECCOMP , -.I arg2 +.I mode is .BR SECCOMP_MODE_FILTER , -the system was built with -.BR CONFIG_SECCOMP_FILTER , and -.I arg3 +.I filter is an invalid address. .TP .B EINVAL -.I arg2 +.I mode is not a valid value. .TP .B EINVAL -.I op -is -.B PR_SET_SECCOMP -or -.BR PR_GET_SECCOMP , -and the kernel was not configured with +The kernel was not configured with .BR CONFIG_SECCOMP . .TP .B EINVAL -.I op -is -.BR PR_SET_SECCOMP , -.I arg2 +.I mode is .BR SECCOMP_MODE_FILTER , and the kernel was not configured with @@ -134,6 +110,10 @@ and the kernel was not configured with .SH STANDARDS Linux. .SH HISTORY +Linux 2.6.23. +.\" See http://thread.gmane.org/gmane.linux.kernel/542632 +.\" [PATCH 0 of 2] seccomp updates +.\" andrea@cpushare.com .SH SEE ALSO .BR prctl (2), .BR PR_GET_SECCOMP (2const), |
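Review bot: In the SYNOPSIS hunk (@@ -18,28 +16,29 @@), all three prototypes gain "[[deprecated]]", but the DESCRIPTION text in the same hunk still only says that seccomp(2) "is the preferred interface for new applications". Either state the deprecation in the page text (DESCRIPTION or HISTORY) so a reader sees why the attribute is there, or leave the attribute out. The commit subject "Tweak after split" does not mention this marking either, so a line in the commit message would help.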
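Review bot: In the SECCOMP_MODE_FILTER hunk (@@ -55,10 +54,8 @@), removing "This argument is a pointer to struct sock_fprog" leaves "It can be designed to filter arbitrary system calls" directly after ".IR filter .", and the antecedent of "It" is now unclear: it could be read as the pointer argument or as the Berkeley Packet Filter program. Suggest naming the subject, for example "The filter can be designed to filter arbitrary system calls and system call arguments."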
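Review bot: In the ERRORS hunks (@@ -82,11 +75,7 @@ and @@ -97,36 +86,23 @@), two removals change conditions instead of only dropping the redundant "op is PR_SET_SECCOMP" wording. The EINVAL entry for a kernel without CONFIG_SECCOMP used to cover "PR_SET_SECCOMP or PR_GET_SECCOMP"; now that it is stated only for this page, please confirm that PR_GET_SECCOMP(2const) carries its own EINVAL entry. The EFAULT entry also loses "the system was built with CONFIG_SECCOMP_FILTER"; if that precondition is dropped on purpose, say so in the commit message, otherwise keep it so that EFAULT and the CONFIG_SECCOMP_FILTER EINVAL case stay clearly distinct.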
