diff options
author | Tyler Hicks <tyhicks@canonical.com> | 2017-10-18 06:16:52 +0000 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2017-11-01 12:48:14 -0400 |
commit | d0e11951f6484db5d8e98591ddc0c0157b333d85 (patch) | |
tree | 0402519270e14ee916dfa31503505bc49037bdd7 /doc/man | |
parent | 8a8576c9e0cf463d2d624686a4e57058ae30e91a (diff) | |
download | libseccomp-d0e11951f6484db5d8e98591ddc0c0157b333d85.tar.gz |
all: add support for new log filter flag
Extend libseccomp to support SECCOMP_FILTER_FLAG_LOG, which is intended
to cause log events for all actions taken by a filter except for
SCMP_ACT_ALLOW actions. This is done via a new filter attribute called
SCMP_FLTATR_CTL_LOG that is off by default.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'doc/man')
-rw-r--r-- | doc/man/man3/seccomp_api_get.3 | 3 | ||||
-rw-r--r-- | doc/man/man3/seccomp_attr_set.3 | 8 |
2 files changed, 11 insertions, 0 deletions
diff --git a/doc/man/man3/seccomp_api_get.3 b/doc/man/man3/seccomp_api_get.3 index a209dcc..b6c0453 100644 --- a/doc/man/man3/seccomp_api_get.3 +++ b/doc/man/man3/seccomp_api_get.3 @@ -47,6 +47,9 @@ The SCMP_FLTATR_CTL_TSYNC filter attribute is supported and libseccomp uses the .BR seccomp(2) syscall to load the seccomp filter into the kernel. +.TP +.B 3 +The SCMP_FLTATR_CTL_LOG filter attribute is supported. .\" ////////////////////////////////////////////////////////////////////////// .SH RETURN VALUE .\" ////////////////////////////////////////////////////////////////////////// diff --git a/doc/man/man3/seccomp_attr_set.3 b/doc/man/man3/seccomp_attr_set.3 index 091d6d1..7050d5f 100644 --- a/doc/man/man3/seccomp_attr_set.3 +++ b/doc/man/man3/seccomp_attr_set.3 @@ -86,6 +86,14 @@ specific syscall invocations, see for more information. Defaults to off ( .I value == 0). +.TP +.B SCMP_FLTATR_CTL_LOG +A flag to specify if the kernel should log all filter actions taken except for +the +.BR SCMP_ACT_ALLOW +action. Defaults to off ( +.I value +== 0). .\" ////////////////////////////////////////////////////////////////////////// .SH RETURN VALUE .\" ////////////////////////////////////////////////////////////////////////// |