authorVitaly Vi Shukela <vi0oss@gmail.com>2013-03-26 10:58:31 -0400
committerPaul Moore <pmoore@redhat.com>2013-03-26 14:09:38 -0400
commitff207702dce7a3191e1509870f887bdd1f84b118 (patch)
tree679c29a5e3e98f7bf37a2f1171a92ca0925be3ff
parent10e75c277a14ce7ea4f03ba13042a915f1439060 (diff)
downloadlibseccomp-ff207702dce7a3191e1509870f887bdd1f84b118.tar.gz
doc: document seccomp_rule_add_array*
Signed-off-by: Vitaly Vi Shukela <vi0oss@gmail.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
-rw-r--r--doc/man/man3/seccomp_rule_add.347
-rw-r--r--doc/man/man3/seccomp_rule_add_array.31
-rw-r--r--doc/man/man3/seccomp_rule_add_exact_array.31
3 files changed, 36 insertions, 13 deletions
diff --git a/doc/man/man3/seccomp_rule_add.3 b/doc/man/man3/seccomp_rule_add.3
index eeb61dc..98878fb 100644
--- a/doc/man/man3/seccomp_rule_add.3
+++ b/doc/man/man3/seccomp_rule_add.3
@@ -27,6 +27,15 @@ seccomp_rule_add, seccomp_rule_add_exact \- Add a seccomp filter rule
.BI "int seccomp_rule_add_exact(scmp_filter_ctx " ctx ", uint32_t " action ","
.BI " int " syscall ", unsigned int " arg_cnt ", " ... ");"
.sp
+.BI "int seccomp_rule_add_array(scmp_filter_ctx " ctx ","
+.BI " uint32_t " action ", int " syscall ","
+.BI " unsigned int " arg_cnt ","
+.BI " const struct scmp_arg_cmp *"arg_array ");"
+.BI "int seccomp_rule_add_exact_array(scmp_filter_ctx " ctx ","
+.BI " uint32_t " action ", int " syscall ","
+.BI " unsigned int " arg_cnt ","
+.BI " const struct scmp_arg_cmp *"arg_array ");"
+.sp
Link with \fI\-lseccomp\fP.
.fi
.\" //////////////////////////////////////////////////////////////////////////
@@ -34,20 +43,28 @@ Link with \fI\-lseccomp\fP.
.\" //////////////////////////////////////////////////////////////////////////
.P
The
-.BR seccomp_rule_add ()
+.BR seccomp_rule_add (),
+.BR seccomp_rule_add_array (),
+.BR seccomp_rule_add_exact (),
and
-.BR seccomp_rule_add_exact ()
-functions add a new filter rule to the current seccomp filter. The
+.BR seccomp_rule_add_exact_array ()
+functions all add a new filter rule to the current seccomp filter. The
.BR seccomp_rule_add ()
-function will make a "best effort" to add the rule as specified, but may alter
+and
+.BR seccomp_rule_add_array ()
+functions will make a "best effort" to add the rule as specified, but may alter
the rule slightly due to architecture specifics, e.g. socket and ipc functions
on x86. The
.BR seccomp_rule_add_exact ()
-function will attempt to add the rule exactly as specified so it may behave
+and
+.BR seccomp_rule_add_exact_array ()
+functions will attempt to add the rule exactly as specified so it may behave
differently on different architectures. While it does not guarantee a exact
filter ruleset,
.BR seccomp_rule_add ()
-does guarantee the same behavior regardless of the architecture.
+and
+.BR seccomp_rule_add_array ()
+do guarantee the same behavior regardless of the architecture.
.P
The newly added filter rule does not take effect until the entire filter is
loaded into the kernel using
@@ -57,11 +74,7 @@ The
.BR SCMP_CMP ()
and
.BR SCMP_A{0-5} ()
-macros generate a scmp_arg_cmp structure for use in
-.BR seccomp_rule_add ()
-and
-.BR seccomp_rule_add_exact ().
-The
+macros generate a scmp_arg_cmp structure for use with the above functions. The
.BR SCMP_CMP ()
macro allows the caller to specify an arbitrary argument along with the
comparison operator, mask, and datum values where the
@@ -192,9 +205,11 @@ SCMP_CMP(
.SH RETURN VALUE
.\" //////////////////////////////////////////////////////////////////////////
The
-.BR seccomp_rule_add ()
+.BR seccomp_rule_add (),
+.BR seccomp_rule_add_array (),
+.BR seccomp_rule_add_exact (),
and
-.BR seccomp_rule_add_exact ()
+.BR seccomp_rule_add_exact_array ()
functions return zero on success, negative errno values on failure.
.\" //////////////////////////////////////////////////////////////////////////
.SH EXAMPLES
@@ -211,6 +226,7 @@ int main(int argc, char *argv[])
{
int rc = \-1;
scmp_filter_ctx ctx;
+ struct scmp_arg_cmp arg_cmp[] = { SCMP_A0(SCMP_CMP_EQ, 2) };
int fd;
unsigned char buf[BUF_SIZE];
@@ -240,6 +256,11 @@ int main(int argc, char *argv[])
if (rc < 0)
goto out;
+ rc = seccomp_rule_add_array(ctx, SCMP_ACT_ALLOW, SCMP_SYS(write), 1,
+ arg_cmp);
+ if (rc < 0)
+ goto out;
+
rc = seccomp_load(ctx);
if (rc < 0)
goto out;
diff --git a/doc/man/man3/seccomp_rule_add_array.3 b/doc/man/man3/seccomp_rule_add_array.3
new file mode 100644
index 0000000..53714e7
--- /dev/null
+++ b/doc/man/man3/seccomp_rule_add_array.3
@@ -0,0 +1 @@
+.so man3/seccomp_rule_add.3
diff --git a/doc/man/man3/seccomp_rule_add_exact_array.3 b/doc/man/man3/seccomp_rule_add_exact_array.3
new file mode 100644
index 0000000..53714e7
--- /dev/null
+++ b/doc/man/man3/seccomp_rule_add_exact_array.3
@@ -0,0 +1 @@
+.so man3/seccomp_rule_add.3