From 3bed246e7e721c32b9c65e7b551760a269867e24 Mon Sep 17 00:00:00 2001 From: Michael Kerrisk Date: Sat, 26 Sep 2020 15:34:05 +0200 Subject: [PATCH] seccomp.2: Some reworking of Tycho's SECCOMP_RET_USER_NOTIF patch Signed-off-by: Michael Kerrisk --- man2/seccomp.2 | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/man2/seccomp.2 b/man2/seccomp.2 index 5ead163b7..9f729a728 100644 --- a/man2/seccomp.2 +++ b/man2/seccomp.2 @@ -600,16 +600,21 @@ portion of the filter's return value being passed to user space as the .IR errno value without executing the system call. .TP -.BR SECCOMP_RET_USER_NOTIF " (since Linux 4.21)" -Forwards the syscall to an attached listener in userspace to allow userspace to -decide what to do with the syscall. If there is no attached listener (either +.BR SECCOMP_RET_USER_NOTIF " (since Linux 5.0)" +.\" commit 6a21cc50f0c7f87dae5259f6cfefe024412313f6 +Forward the system call to an attached user-space listening +process to allow that process to decide what to do with the system call. +If there is no attached listener (either because the filter was not installed with the .BR SECCOMP_FILTER_FLAG_NEW_LISTENER -or because the fd was closed), the filter returns +flag or because the file descriptor was closed), the filter returns .BR ENOSYS -similar to what happens when a filter returns +(similar to what happens when a filter returns .BR SECCOMP_RET_TRACE -and there is no tracer. See "Userspace Notification" below for more details. +and there is no tracer). +See +.BR seccomp_unotify (2) +for further details. .TP .BR SECCOMP_RET_TRACE When returned, this value will cause the kernel to attempt to notify a -- 2.11.4.GIT
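Review bot: In the reworded SECCOMP_RET_USER_NOTIF paragraph, "the filter returns .BR ENOSYS" still reads as if ENOSYS were the filter's return value, although in this case the filter has returned SECCOMP_RET_USER_NOTIF and it is the system call in the filtered process that ends up with the error. Since the sentence is being reworked anyway, consider wording such as "the system call fails with the error ENOSYS", which also matches how the preceding entry describes the errno value being passed to user space without executing the system call. Separately, the new "See .BR seccomp_unotify (2)" replaces the in-page pointer to "Userspace Notification", but the diffstat lists only man2/seccomp.2, so the referenced page should land in the same series or the old pointer should stay until it does.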