diff options
author | Tom Hromatka <tom.hromatka@oracle.com> | 2020-07-14 11:31:37 -0600 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2020-07-14 21:35:46 -0400 |
commit | 43d63abc1ef2ae3e9386c4b1733a774575d144d8 (patch) | |
tree | 931575ed4730cab615f72f81abe0c5e82d7a3d4f | |
parent | fa6264bd9d674d5bd141d1153ed1d77e654b4af1 (diff) | |
download | libseccomp-43d63abc1ef2ae3e9386c4b1733a774575d144d8.tar.gz |
doc: Document SCMP_FLTATR_CTL_OPTIMIZE in seccomp_attr_set.3
This commit documents the usage of SCMP_FLTATR_CTL_OPTIMIZE in the
seccomp_attr_set.3 man page.
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
-rw-r--r-- | doc/man/man3/seccomp_attr_set.3 | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/doc/man/man3/seccomp_attr_set.3 b/doc/man/man3/seccomp_attr_set.3 index 6183493..eb82557 100644 --- a/doc/man/man3/seccomp_attr_set.3 +++ b/doc/man/man3/seccomp_attr_set.3 @@ -101,6 +101,32 @@ Defaults to off ( .I value == 0). .TP +.B SCMP_FLTATR_CTL_OPTIMIZE +A flag to specify the optimization level of the seccomp filter. By default +libseccomp generates a set of sequential \'if\' statements for each rule in +the filter. +.BR seccomp_syscall_priority(3) +can be used to prioritize the order for the default cause. The binary tree +optimization sorts by syscall numbers and generates consistent +.BR O(log\ n) +filter traversal for every rule in the filter. The binary tree may be +advantageous for large filters. Note that +.BR seccomp_syscall_priority(3) +is ignored when SCMP_FLTATR_CTL_OPTIMIZE == 2. +.RS +.P +The different optimization levels are described below: +.TP +.B 0 +Reserved value, not currently used. +.TP +.B 1 +Rules sorted by priority and complexity (DEFAULT). +.TP +.B 2 +Binary tree sorted by syscall number. +.RE +.TP .B SCMP_FLTATR_API_SYSRAWRC A flag to specify if libseccomp should pass system error codes back to the caller instead of the default -ECANCELED. Defaults to off ( |