[Top] [All Lists]

Re: [PATCH v7 1/1] man-pages: seccomp.2: document syscall

To: "Michael Kerrisk (man-pages)" <>
Subject: Re: [PATCH v7 1/1] man-pages: seccomp.2: document syscall
From: Kees Cook <>
Date: Tue, 24 Jun 2014 09:43:58 -0700
Cc: LKML <>, Andy Lutomirski <>, Alexei Starovoitov <>, Andrew Morton <>, Daniel Borkmann <>, Oleg Nesterov <>, Will Drewry <>, Julien Tinnes <>, David Drysdale <>, Linux API <>, "" <>, "" <>,, linux-arch <>, linux-security-module <>
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=6aUiFlzoyglWoV3HG4s7ZfANLOUUgxsr4Oc8LmzvpNo=; b=lDVcx0n2LzTO4q0RkqdYdwUQvkzzByp1Vanbo+kQCVrSpOb4A5UaWL8dSOUit9WZrE h2/vvl3+lxmqzm1Qqlmdjw2TQca5CzSPAbx1NMzmzNiOskGrV/t9J/tNG+gT2IeKwNAr GupNhB9BnUPh82v0oEAhO4jlJwCcGumpsRZ2rst8uQTtosVKjVx1sQ+8hgYZfS9F/Mgy I5uxtZwvGr6Gc0NnvtiK/9/WA8+yH8f+CznqHJ2A1ZQP0UsQmm3CUAkCMye5julRdDZh lINBYM1DNjJ75t6ZU9TaNTt817lwAsLgJi1mKDySKhd/TTjIwkVBkxY+WuSBmPS/XoFF 77YA==
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=google; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=6aUiFlzoyglWoV3HG4s7ZfANLOUUgxsr4Oc8LmzvpNo=; b=axHXgVRzP9iIrGG5zs7NRF8pM6IfT+xRytd+o0RpFdKRv9c6QdW/rLVKFJbaVl0d4x QdRUhHmWaMxOC6ACvztVlkBBk/NC2kINuZjRxpULPFy6WDigCA1bicMyp+jMJ9l7M+kC 2DOxYH/un0frXc6S4tet3aopUkOH99/0yR488=
In-reply-to: <>
List-archive: <>
List-help: <>
List-id: linux-mips <>
List-owner: <>
List-post: <>
List-software: Ecartis version 1.0.0
List-subscribe: <>
List-unsubscribe: <>
Original-recipient: rfc822;
References: <> <>
On Tue, Jun 24, 2014 at 3:23 AM, Michael Kerrisk (man-pages)
<> wrote:
> On 06/24/2014 12:01 AM, Kees Cook wrote:
>> Combines documentation from prctl, and in-kernel seccomp_filter.txt,
>> along with new details specific to the new syscall.
> Great work on the man page, Kees! (BTW, just looking at the complexity 
> detailed
> there further supports the decision to grant this functionality as a separate
> syscall, rather than multiplexed into prctl(2).

Great, thanks!

> Would there be some suitable, not too long program that we
> could put in the man page as an example for using filters?

Sure thing. I can modify the "dropper" sample in samples/seccomp. I
will resend the man-page with that added.



Kees Cook
Chrome OS Security

<Prev in Thread] Current Thread [Next in Thread>