author | Tom Hromatka <tom.hromatka@oracle.com> | 2020-10-22 13:35:31 -0600 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2020-10-25 15:45:14 -0400 |
commit | e201339dc87eac6ce848f441b5b109510ee48dd2 (patch) | |
tree | aaae8d6068754f8e7f850c5114c8b3525a237159 | |
parent | 3e1a828777f097e55cd831cf7e7f617057c801c5 (diff) | |
download | libseccomp-e201339dc87eac6ce848f441b5b109510ee48dd2.tar.gz |
doc: Add SCMP_ACT_NOTIFY documentation to seccomp_rule_add.3
Document the usage of SCMP_ACT_NOTIFY in seccomp_rule_add.3
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
(imported from commit 8826022c0b7dd01a09973596750f038334780aad)
-rw-r--r-- | doc/man/man3/seccomp_rule_add.3 | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/doc/man/man3/seccomp_rule_add.3 b/doc/man/man3/seccomp_rule_add.3 index 58c6395..4d8ef3f 100644 --- a/doc/man/man3/seccomp_rule_add.3 +++ b/doc/man/man3/seccomp_rule_add.3 @@ -209,6 +209,22 @@ matches the filter rule but the syscall will be logged. .B SCMP_ACT_ALLOW The seccomp filter will have no effect on the thread calling the syscall if it matches the filter rule. +.TP +.B SCMP_ACT_NOTIFY +A monitoring process will be notified when a process running the seccomp +filter calls a syscall that matches the filter rule. The process that invokes +the syscall waits in the kernel until the monitoring process has responded via +.B seccomp_notify_respond(3) +\&. + +When a filter utilizing +.B SCMP_ACT_NOTIFY +is loaded into the kernel, the kernel generates a notification fd that must be +used to communicate between the monitoring process and the process(es) being +filtered. See +.B seccomp_notif_fd(3) +for more information. + .P Valid comparison .I op |
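Review bot: the second cross-reference in the new SCMP_ACT_NOTIFY entry, `.B seccomp_notif_fd(3)`, is spelled with a different prefix from the `seccomp_notify_respond(3)` reference a few lines above it. The libseccomp function is `seccomp_notify_fd()`, so this should read `seccomp_notify_fd(3)`; as written, a reader following the reference will not find the page that explains how to obtain the notification fd. Separately, placing `\&.` on its own line after `.B seccomp_notify_respond(3)` renders a space before the full stop; `.BR seccomp_notify_respond (3).` keeps the punctuation attached to the reference.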