From: Alejandro Colomar <alx.manpages@gmail.com>
To: mtk.manpages@gmail.com
Cc: Alejandro Colomar <alx.manpages@gmail.com>, linux-man@vger.kernel.org
Subject: [PATCH 17/32] seccomp_unotify.2: Minor tweaks to Rodrigo's patch
Date: Wed, 28 Jul 2021 22:19:53 +0200 [thread overview]
Message-ID: <20210728202008.3158-18-alx.manpages@gmail.com> (raw)
In-Reply-To: <20210728202008.3158-1-alx.manpages@gmail.com>
Signed-off-by: Alejandro Colomar <alx.manpages@gmail.com>
---
man2/seccomp_unotify.2 | 32 +++++++++++++++++---------------
1 file changed, 17 insertions(+), 15 deletions(-)
diff --git a/man2/seccomp_unotify.2 b/man2/seccomp_unotify.2
index 9bd27214f..ae449ae36 100644
--- a/man2/seccomp_unotify.2
+++ b/man2/seccomp_unotify.2
@@ -740,16 +740,18 @@ use the file descriptor number specified in the
.I newfd
field.
.TP
-.BR SECCOMP_ADDFD_FLAG_SEND
-Available since Linux 5.14, combines the
+.BR SECCOMP_ADDFD_FLAG_SEND " (since Linux 5.14)"
+Combines the
.B SECCOMP_IOCTL_NOTIF_ADDFD
ioctl with
.B SECCOMP_IOCTL_NOTIF_SEND
-into an atomic operation. On successful invocation, the target process's
-errno will be 0 and the return value will be the file descriptor number that was
-installed in the target. If allocating the file descriptor in the tatget fails,
-the target's syscall continues to be blocked until a successful response is
-sent.
+into an atomic operation.
+On successful invocation, the target process's errno will be 0
+and the return value will be the file descriptor number
+that was installed in the target.
+If allocating the file descriptor in the tatget fails,
+the target's syscall continues to be blocked
+until a successful response is sent.
.RE
.TP
.I srcfd
@@ -1149,14 +1151,6 @@ that would
normally be restarted by the
.BR SA_RESTART
flag.
-.PP
-Furthermore, if the supervisor response is a file descriptor
-added with
-.B SECCOMP_IOCTL_NOTIF_ADDFD,
-then the flag
-.B SECCOMP_ADDFD_FLAG_SEND
-can be used to atomically add the file descriptor and return that value,
-making sure no file descriptors are inadvertently leaked into the target.
.\" FIXME
.\" About the above, Kees Cook commented:
.\"
@@ -1176,6 +1170,14 @@ making sure no file descriptors are inadvertently leaked into the target.
.\" calls because it's impossible for the kernel to restart the call
.\" with the right timeout value. I wonder what happens when those
.\" system calls are restarted in the scenario we're discussing.)
+.PP
+Furthermore, if the supervisor response is a file descriptor
+added with
+.B SECCOMP_IOCTL_NOTIF_ADDFD,
+then the flag
+.B SECCOMP_ADDFD_FLAG_SEND
+can be used to atomically add the file descriptor and return that value,
+making sure no file descriptors are inadvertently leaked into the target.
.SH BUGS
If a
.BR SECCOMP_IOCTL_NOTIF_RECV
--
2.32.0
next prev parent reply other threads:[~2021-07-28 20:20 UTC|newest]
Thread overview: 92+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-28 20:19 [PATCH 00/32] Patches from others Alejandro Colomar
2021-07-28 20:19 ` [PATCH 01/32] readv2: Note preadv2(..., RWF_NOWAIT) bug in BUGS section Alejandro Colomar
2021-08-08 2:29 ` Michael Kerrisk (man-pages)
2021-07-28 20:19 ` [PATCH 02/32] readv.2: Minor tweaks to Will's patch Alejandro Colomar
2021-08-08 2:30 ` Michael Kerrisk (man-pages)
2021-08-08 2:42 ` Michael Kerrisk (man-pages)
2021-07-28 20:19 ` [PATCH 03/32] vdso.7: Remove outdated limitation for powerpc Alejandro Colomar
2021-08-08 0:17 ` Michael Kerrisk (man-pages)
2021-08-08 0:21 ` Alejandro Colomar (man-pages)
2021-07-28 20:19 ` [PATCH 04/32] vdso.7: Add y2038 compliant gettime for ppc/32 Alejandro Colomar
2021-08-08 0:48 ` Michael Kerrisk (man-pages)
2021-08-08 1:01 ` Alejandro Colomar (man-pages)
2021-08-08 2:25 ` Michael Kerrisk (man-pages)
2021-08-08 2:22 ` Michael Kerrisk (man-pages)
2021-07-28 20:19 ` [PATCH 05/32] posixoptions.7: Fix legacy functions list (s/getcwd/getwd/) Alejandro Colomar
2021-08-08 0:55 ` Michael Kerrisk (man-pages)
2021-07-28 20:19 ` [PATCH 06/32] man2/fallocate.2: tfix documentation of shared blocks Alejandro Colomar
2021-08-08 0:54 ` Michael Kerrisk (man-pages)
2021-07-28 20:19 ` [PATCH 07/32] printf.3: wfix Alejandro Colomar
2021-08-07 21:34 ` Michael Kerrisk (man-pages)
2021-08-07 22:20 ` Alejandro Colomar (man-pages)
2021-08-07 22:32 ` Alejandro Colomar (man-pages)
2021-08-07 23:10 ` Michael Kerrisk (man-pages)
2021-08-11 20:55 ` Sergey Petrakov
2021-08-11 22:33 ` Michael Kerrisk (man-pages)
2021-07-28 20:19 ` [PATCH 08/32] Various pages: Consistently use '*argv[]' Alejandro Colomar
2021-08-07 21:35 ` Michael Kerrisk (man-pages)
2021-07-28 20:19 ` [PATCH 09/32] path_resolution.7: tfix Alejandro Colomar
2021-08-07 21:37 ` Michael Kerrisk (man-pages)
2021-07-28 20:19 ` [PATCH 10/32] futex.2: Document FUTEX_LOCK_PI2 Alejandro Colomar
2021-07-29 10:18 ` Alejandro Colomar (man-pages)
2021-08-07 21:38 ` Michael Kerrisk (man-pages)
2021-07-28 20:19 ` [PATCH 11/32] futex.2: Minor tweaks to Kurt's patch Alejandro Colomar
2021-07-29 10:24 ` Alejandro Colomar (man-pages)
2021-08-07 21:38 ` Michael Kerrisk (man-pages)
2021-07-28 20:19 ` [PATCH 12/32] capabilities.7: tfix Alejandro Colomar
2021-08-07 21:39 ` Michael Kerrisk (man-pages)
2021-07-28 20:19 ` [PATCH 13/32] user_namespaces.7: fix a ref Alejandro Colomar
2021-08-07 21:40 ` Michael Kerrisk (man-pages)
2021-07-28 20:19 ` [PATCH 14/32] capabilities.7, user_namespaces.7: describe CAP_SETFCAP Alejandro Colomar
2021-08-08 2:54 ` Michael Kerrisk (man-pages)
2021-08-08 9:09 ` Michael Kerrisk (man-pages)
2021-07-28 20:19 ` [PATCH 15/32] capabilities.7: Minor tweaks to Kir's patch Alejandro Colomar
2021-07-29 11:16 ` Alejandro Colomar (man-pages)
2021-08-08 3:03 ` Michael Kerrisk (man-pages)
2021-07-28 20:19 ` [PATCH 16/32] seccomp_unotify.2: Add doc for SECCOMP_ADDFD_FLAG_SEND Alejandro Colomar
2021-08-08 1:01 ` Michael Kerrisk (man-pages)
2021-08-09 9:42 ` Rodrigo Campos
2021-07-28 20:19 ` Alejandro Colomar [this message]
2021-07-29 11:15 ` [PATCH 17/32] seccomp_unotify.2: Minor tweaks to Rodrigo's patch Alejandro Colomar (man-pages)
2021-08-08 1:13 ` Michael Kerrisk (man-pages)
2021-08-08 1:22 ` Alejandro Colomar (man-pages)
2021-07-28 20:19 ` [PATCH 18/32] recv.2: tfix Alejandro Colomar
2021-08-07 21:43 ` Michael Kerrisk (man-pages)
2021-07-28 20:19 ` [PATCH 19/32] ascii.7: add vertical rule to separate the two columns Alejandro Colomar
2021-08-07 22:46 ` Michael Kerrisk (man-pages)
2021-07-28 20:19 ` [PATCH 20/32] wait.2: Add ESRCH for when pid == INT_MIN Alejandro Colomar
2021-08-07 23:05 ` Michael Kerrisk (man-pages)
2021-07-28 20:19 ` [PATCH 21/32] seccomp_unotify.2: tfix Alejandro Colomar
2021-08-08 1:13 ` Michael Kerrisk (man-pages)
2021-07-28 20:19 ` [PATCH 22/32] proc.5: tfix Alejandro Colomar
2021-08-07 22:55 ` Michael Kerrisk (man-pages)
2021-07-28 20:19 ` [PATCH 23/32] scripts/bash_aliases: tfix Alejandro Colomar
2021-08-07 22:47 ` Michael Kerrisk (man-pages)
2021-07-28 20:20 ` [PATCH 24/32] namespaces.7: fix confusion caused by text reorganization Alejandro Colomar
2021-08-07 23:48 ` Michael Kerrisk (man-pages)
2021-07-28 20:20 ` [PATCH 25/32] pipe.7: also mention writev(2) in atomicity sexion Alejandro Colomar
2021-08-08 9:30 ` Michael Kerrisk (man-pages)
2021-07-28 20:20 ` [PATCH 26/32] tkill.2: tfix Alejandro Colomar
2021-08-07 22:48 ` Michael Kerrisk (man-pages)
2021-07-28 20:20 ` [PATCH 27/32] strstr.3: Add special case for empty needle Alejandro Colomar
2021-08-07 23:53 ` Michael Kerrisk (man-pages)
2021-07-28 20:20 ` [PATCH 28/32] sigaction.2: Document SA_EXPOSE_TAGBITS and the flag support detection protocol Alejandro Colomar
2021-08-08 21:32 ` Michael Kerrisk (man-pages)
2021-07-28 20:20 ` [PATCH 29/32] sigaction.2: Apply minor tweaks to Peter's patch Alejandro Colomar
2021-07-29 11:14 ` Alejandro Colomar (man-pages)
2021-08-08 21:32 ` Michael Kerrisk (man-pages)
2021-07-28 20:20 ` [PATCH 30/32] strlen.3, wcslen.3: Add recommendations for safer variants Alejandro Colomar
2021-08-07 23:45 ` Michael Kerrisk (man-pages)
2021-08-08 0:04 ` Alejandro Colomar (man-pages)
2021-08-08 0:16 ` Alejandro Colomar (man-pages)
2021-08-08 1:20 ` Michael Kerrisk (man-pages)
2021-08-08 1:24 ` Alejandro Colomar (man-pages)
2021-08-08 2:18 ` Michael Kerrisk (man-pages)
2021-08-08 19:44 ` Jonny Grant
2021-07-28 20:20 ` [PATCH 31/32] time.2: wfix regarding year-2038 Alejandro Colomar
2021-07-29 10:45 ` G. Branden Robinson
2021-07-30 1:25 ` Viet Than
2021-08-07 23:59 ` Michael Kerrisk (man-pages)
2021-07-28 20:20 ` [PATCH 32/32] execve.2: Fix absolute/relative pathname Alejandro Colomar
2021-08-08 2:02 ` Michael Kerrisk (man-pages)
2021-08-08 21:34 ` [PATCH 00/32] Patches from others Michael Kerrisk (man-pages)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210728202008.3158-18-alx.manpages@gmail.com \
--to=alx.manpages@gmail.com \
--cc=linux-man@vger.kernel.org \
--cc=mtk.manpages@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.