author | Paul Moore <paul@paul-moore.com> | 2020-08-04 10:52:08 -0400 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2020-08-18 11:49:22 -0400 |
commit | 02812f99e8d1df2e671dac675b4af663d0266303 (patch) | |
tree | d47cbf1edbb9f20b5b69f61c01ad09124af739d6 /doc | |
parent | ce314fe4111887c593e3c6b17c60d93bc6ab66b9 (diff) | |
download | libseccomp-02812f99e8d1df2e671dac675b4af663d0266303.tar.gz |
system: change our notification fd handling
This commit changes how we handle the notification fd by only
requesting it via _NEW_LISTENER if the filter has a _NOTIFY action
in it. We also augment the seccomp_reset(NULL, ...) behavior so
that it closes the notification fd before resetting the global
state; applications that need to keep their notification fd open
across a call to seccomp_reset(NULL, ...) can simply dup() it.
Although one would have to wonder why the application would be
calling seccomp_reset(NULL, ...) in that case.
Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/man/man3/seccomp_init.3 | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/doc/man/man3/seccomp_init.3 b/doc/man/man3/seccomp_init.3 index 87520cd..7881c35 100644 --- a/doc/man/man3/seccomp_init.3 +++ b/doc/man/man3/seccomp_init.3 @@ -38,8 +38,10 @@ and can only be called after a call to .BR seccomp_init () has succeeded. If .BR seccomp_reset () -is called with a NULL filter, it resets the library's global task state; -normally this is not needed, but it may be required to continue using the +is called with a NULL filter, it resets the library's global task state, +including any notification file descriptors retrieved by +.BR seccomp_notify_fd(3) . +Normally this is not needed, but it may be required to continue using the library after a .BR fork () or |
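Review bot: The added sentence "including any notification file descriptors retrieved by seccomp_notify_fd(3)" says the descriptors are reset but never says they are closed, which is the behaviour the commit message describes. A caller that cached the fd number would be left holding a stale descriptor value after seccomp_reset(NULL, ...). Suggest stating explicitly that the notification fd is closed, and that an application needing it across the reset should dup() it first, as the commit message already notes. Separately, `.BR seccomp_notify_fd(3) .` omits the space used by the neighbouring `.BR seccomp_init ()` and `.BR fork ()` lines, so the section number is set in bold together with the name; `.BR seccomp_notify_fd (3).` would match the surrounding convention.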