linux-man.vger.kernel.org archive mirror
From: "Alejandro Colomar (man-pages)" <alx.manpages@gmail.com>
To: mtk.manpages@gmail.com
Cc: linux-man@vger.kernel.org, Rodrigo Campos <rodrigo@kinvolk.io>
Subject: Re: [PATCH 17/32] seccomp_unotify.2: Minor tweaks to Rodrigo's patch
Date: Thu, 29 Jul 2021 13:15:47 +0200
Message-ID: <8645a038-809f-b24e-ca57-0e9d7f747c36@gmail.com>
In-Reply-To: <20210728202008.3158-18-alx.manpages@gmail.com>

On 7/28/21 10:19 PM, Alejandro Colomar wrote:
> Signed-off-by: Alejandro Colomar <alx.manpages@gmail.com>

I forgot to CC Rodrigo here.

> ---
>   man2/seccomp_unotify.2 | 32 +++++++++++++++++---------------
>   1 file changed, 17 insertions(+), 15 deletions(-)
> 
> diff --git a/man2/seccomp_unotify.2 b/man2/seccomp_unotify.2
> index 9bd27214f..ae449ae36 100644
> --- a/man2/seccomp_unotify.2
> +++ b/man2/seccomp_unotify.2
> @@ -740,16 +740,18 @@ use the file descriptor number specified in the
>   .I newfd
>   field.
>   .TP
> -.BR SECCOMP_ADDFD_FLAG_SEND
> -Available since Linux 5.14, combines the
> +.BR SECCOMP_ADDFD_FLAG_SEND " (since Linux 5.14)"
> +Combines the
>   .B SECCOMP_IOCTL_NOTIF_ADDFD
>   ioctl with
>   .B SECCOMP_IOCTL_NOTIF_SEND
> -into an atomic operation. On successful invocation, the target process's
> -errno will be 0 and the return value will be the file descriptor number that was
> -installed in the target. If allocating the file descriptor in the tatget fails,
> -the target's syscall continues to be blocked until a successful response is
> -sent.
> +into an atomic operation.
> +On successful invocation, the target process's errno will be 0
> +and the return value will be the file descriptor number
> +that was installed in the target.
> +If allocating the file descriptor in the tatget fails,
> +the target's syscall continues to be blocked
> +until a successful response is sent.
>   .RE
>   .TP
>   .I srcfd
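
Review bot: The reflowed text still carries the typo "tatget" in the added line "If allocating the file descriptor in the tatget fails,"; since this patch rewrites that sentence anyway, change it to "target" here. The added line "On successful invocation, the target process's errno will be 0" also leaves errno as plain text; consider putting it on its own ".I errno" line so it is set like other identifiers.
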
> @@ -1149,14 +1151,6 @@ that would
>   normally be restarted by the
>   .BR SA_RESTART
>   flag.
> -.PP
> -Furthermore, if the supervisor response is a file descriptor
> -added with
> -.B SECCOMP_IOCTL_NOTIF_ADDFD,
> -then the flag
> -.B SECCOMP_ADDFD_FLAG_SEND
> -can be used to atomically add the file descriptor and return that value,
> -making sure no file descriptors are inadvertently leaked into the target.
>   .\" FIXME
>   .\" About the above, Kees Cook commented:
>   .\"
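
Review bot: The commit message has only a Signed-off-by line, so the reason for removing this paragraph from in front of the FIXME comment is not recorded. The comment opens with "About the above, Kees Cook commented:", which suggests the paragraph had ended up between that comment and the text it refers to; state that in the commit message so the move is not read as a pure reshuffle.
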
> @@ -1176,6 +1170,14 @@ making sure no file descriptors are inadvertently leaked into the target.
>   .\" calls because it's impossible for the kernel to restart the call
>   .\" with the right timeout value. I wonder what happens when those
>   .\" system calls are restarted in the scenario we're discussing.)
> +.PP
> +Furthermore, if the supervisor response is a file descriptor
> +added with
> +.B SECCOMP_IOCTL_NOTIF_ADDFD,
> +then the flag
> +.B SECCOMP_ADDFD_FLAG_SEND
> +can be used to atomically add the file descriptor and return that value,
> +making sure no file descriptors are inadvertently leaked into the target.
>   .SH BUGS
>   If a
>   .BR SECCOMP_IOCTL_NOTIF_RECV
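
Review bot: In the re-added paragraph, ".B SECCOMP_IOCTL_NOTIF_ADDFD," sets the trailing comma in bold along with the constant. Use ".BR SECCOMP_IOCTL_NOTIF_ADDFD ," so that only the name is bold, the same way the first hunk uses .BR to keep the "(since Linux 5.14)" suffix in roman.
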
> 


-- 
Alejandro Colomar
Linux man-pages comaintainer; https://www.kernel.org/doc/man-pages/
http://www.alejandro-colomar.es/
