author: Luca Bruno <lucab@debian.org> 2016-07-11 15:06:52 +0200
committer: Paul Moore <paul@paul-moore.com> 2017-02-21 17:02:58 -0500
commit: a66f000de92c7ced17ae6615837dabafd803ae42 (patch)
tree: a49a66ac199e67e866723aba2bde1bf6ec1ac7f2
parent: 2821a4a4bba940abc5d2a21c42b5bd83e156bd0f (diff)
download: libseccomp-a66f000de92c7ced17ae6615837dabafd803ae42.tar.gz
man: clarify syscall number rewriting
In case of multiplexed syscalls, syscall name resolver and rule builder both offer additional functions to ignore or perform syscall number rewriting. This commit introduces additional explicit details to the corresponding manpages.

Signed-off-by: Luca Bruno <lucab@debian.org>
[PM: minor man-page style fixes]
Signed-off-by: Paul Moore <paul@paul-moore.com>

-rw-r--r--  doc/man/man3/seccomp_rule_add.3               5
-rw-r--r--  doc/man/man3/seccomp_syscall_resolve_name.3  16
2 files changed, 18 insertions, 3 deletions
diff --git a/doc/man/man3/seccomp_rule_add.3 b/doc/man/man3/seccomp_rule_add.3
index e242115..eda93ae 100644
--- a/doc/man/man3/seccomp_rule_add.3
+++ b/doc/man/man3/seccomp_rule_add.3
@@ -53,8 +53,8 @@ functions all add a new filter rule to the current seccomp filter. The
and
.BR seccomp_rule_add_array ()
functions will make a "best effort" to add the rule as specified, but may alter
-the rule slightly due to architecture specifics, e.g. socket and ipc functions
-on x86. The
+the rule slightly due to architecture specifics (e.g. internal rewriting of
+multiplexed syscalls, like socket and ipc functions on x86). The
.BR seccomp_rule_add_exact ()
and
.BR seccomp_rule_add_exact_array ()
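Review bot: the parenthetical example "like socket and ipc functions on x86" is left as plain text here, while the second file in this patch cross-references the same syscalls as `.BR socketcall (2)` and `.BR ipc (2)`; use the same man-page references in this sentence so readers of seccomp_rule_add(3) can follow the same links to the multiplexed syscalls being described.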
@@ -299,5 +299,6 @@ Paul Moore <paul@paul-moore.com>
.\" //////////////////////////////////////////////////////////////////////////
.SH SEE ALSO
.\" //////////////////////////////////////////////////////////////////////////
+.BR seccomp_syscall_resolve_name_rewrite (3),
.BR seccomp_syscall_priority (3),
.BR seccomp_load (3)
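Review bot: the new SEE ALSO entry points at seccomp_syscall_resolve_name_rewrite(3), but in this patch that function is documented inside seccomp_syscall_resolve_name.3; confirm an alias (link) page exists for seccomp_syscall_resolve_name_rewrite so the reference resolves with `man 3`, otherwise reference `.BR seccomp_syscall_resolve_name (3)` instead.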
diff --git a/doc/man/man3/seccomp_syscall_resolve_name.3 b/doc/man/man3/seccomp_syscall_resolve_name.3
index 670fcd2..3c0f789 100644
--- a/doc/man/man3/seccomp_syscall_resolve_name.3
+++ b/doc/man/man3/seccomp_syscall_resolve_name.3
@@ -30,7 +30,12 @@ and
functions resolve the commonly used syscall name to the syscall number used by
the kernel and the rest of the libseccomp API, with
.BR seccomp_syscall_resolve_name_rewrite()
-rewriting the syscall number for architectures that modify the syscall. The
+rewriting the syscall number for architectures that modify the syscall. Syscall
+rewriting typically happens in case of a multiplexed syscall, like
+.BR socketcall (2)
+or
+.BR ipc (2)
+on x86.
.BR seccomp_syscall_resolve_num_arch()
function resolves the syscall number used by the kernel to the commonly used
syscall name.
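Review bot: the removed line ended with "The", which introduced the sentence that continues on the unchanged context line `.BR seccomp_syscall_resolve_num_arch()` / "function resolves the syscall number ...", but the replacement ends with "on x86." and drops the article, so the rendered text now reads "on x86. seccomp_syscall_resolve_num_arch() function resolves ...". Change the last added line to "on x86. The" to keep the following sentence grammatical.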
@@ -100,6 +105,15 @@ out:
.SH NOTES
.\" //////////////////////////////////////////////////////////////////////////
.P
+In case of bare syscalls implemented on top of a multiplexed syscall,
+.BR seccomp_syscall_resolve_name()
+and
+.BR seccomp_syscall_resolve_name_arch()
+can be used to verify if a bare syscall is implemented for a specific
+architecture, while
+.BR seccomp_syscall_resolve_name_rewrite()
+can be used to determine the underlying multiplexed syscall.
+.P
While the seccomp filter can be generated independent of the kernel, kernel
support is required to load and enforce the seccomp filter generated by
libseccomp.
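Review bot: the new NOTES paragraph says the resolvers "can be used to verify if a bare syscall is implemented for a specific architecture" but does not tell the reader how to recognise the unimplemented case from the return value; add a sentence stating what the functions return when the bare syscall is not available on that architecture, or point to the RETURN VALUE section where that is documented. As a style point, "verify if" reads better as "verify whether", and the `.BR name()` forms here omit the space before the parentheses that the first file in this patch uses (`.BR seccomp_rule_add_array ()`); pick one convention across both pages.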