From: Rodrigo Campos <rodrigo@kinvolk.io>
To: linux-man@vger.kernel.org,
Alejandro Colomar <alx.manpages@gmail.com>,
Michael Kerrisk <mtk.manpages@gmail.com>
Cc: linux-kernel@vger.kernel.org, "Alban Crequy" <alban@kinvolk.io>,
"Mauricio Vásquez Bernal" <mauricio@kinvolk.io>,
"Sargun Dhillon" <sargun@sargun.me>,
"Rodrigo Campos" <rodrigo@kinvolk.io>
Subject: [PATCH] seccomp_unotify.2: Add doc for SECCOMP_ADDFD_FLAG_SEND
Date: Fri, 2 Jul 2021 18:37:44 +0200 [thread overview]
Message-ID: <20210702163744.265749-1-rodrigo@kinvolk.io> (raw)
This flag was recently added to Linux 5.14 by a patch I wrote:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0ae71c7720e3ae3aabd2e8a072d27f7bd173d25c
This patch adds documentation for the flag, the error code that the flag
added and explains in the caveat when it is useful.
Signed-off-by: Rodrigo Campos <rodrigo@kinvolk.io>
---
Hi! Here goes the documentation for the flag I just added. Please feel free to
amend as you want and let me know if something is not clear :)
man2/seccomp_unotify.2 | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
diff --git a/man2/seccomp_unotify.2 b/man2/seccomp_unotify.2
index 2673d9bc7..9bd27214f 100644
--- a/man2/seccomp_unotify.2
+++ b/man2/seccomp_unotify.2
@@ -739,6 +739,17 @@ When allocating the file descriptor in the target,
use the file descriptor number specified in the
.I newfd
field.
+.TP
+.BR SECCOMP_ADDFD_FLAG_SEND
+Available since Linux 5.14, combines the
+.B SECCOMP_IOCTL_NOTIF_ADDFD
+ioctl with
+.B SECCOMP_IOCTL_NOTIF_SEND
+into an atomic operation. On successful invocation, the target process's
+errno will be 0 and the return value will be the file descriptor number that was
+installed in the target. If allocating the file descriptor in the tatget fails,
+the target's syscall continues to be blocked until a successful response is
+sent.
.RE
.TP
.I srcfd
@@ -801,6 +812,13 @@ Allocating the file descriptor in the target would cause the target's
limit to be exceeded (see
.BR getrlimit (2)).
.TP
+.B EBUSY
+If the flag
+.B SECCOMP_IOCTL_NOTIF_SEND
+is used, this means the operation can't proceed until other
+.B SECCOMP_IOCTL_NOTIF_ADDFD
+requests are processed.
+.TP
.B EINPROGRESS
The user-space notification specified in the
.I id
@@ -1131,6 +1149,14 @@ that would
normally be restarted by the
.BR SA_RESTART
flag.
+.PP
+Furthermore, if the supervisor response is a file descriptor
+added with
+.B SECCOMP_IOCTL_NOTIF_ADDFD,
+then the flag
+.B SECCOMP_ADDFD_FLAG_SEND
+can be used to atomically add the file descriptor and return that value,
+making sure no file descriptors are inadvertently leaked into the target.
.\" FIXME
.\" About the above, Kees Cook commented:
.\"
--
2.30.2
next reply other threads:[~2021-07-02 16:37 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-02 16:37 Rodrigo Campos [this message]
2021-07-03 21:25 ` [PATCH] seccomp_unotify.2: Add doc for SECCOMP_ADDFD_FLAG_SEND Alejandro Colomar (man-pages)
2021-07-04 11:25 ` Alejandro Colomar (man-pages)
2021-07-05 10:12 ` Rodrigo Campos
2021-07-05 10:11 ` Rodrigo Campos
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210702163744.265749-1-rodrigo@kinvolk.io \
--to=rodrigo@kinvolk.io \
--cc=alban@kinvolk.io \
--cc=alx.manpages@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-man@vger.kernel.org \
--cc=mauricio@kinvolk.io \
--cc=mtk.manpages@gmail.com \
--cc=sargun@sargun.me \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).