author:    Michael Kerrisk <mtk.manpages@gmail.com>  2015-09-05 08:43:31 +0200
committer: Michael Kerrisk <mtk.manpages@gmail.com>  2015-09-05 08:43:31 +0200
commit:    712551eaadb5d50f75395a980132d7e691ad877e
tree:      65720a63647a8df1b4d2a1b019685bf89f2d87ae
parent:    944a31e27f52cb18b8875c8659d8938fda00e171
seccomp.2: Describe use of 'instruction_pointer' data field
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
 man2/seccomp.2 | 15 +++++++++++++++
 1 file changed, 15 insertions(+), 0 deletions(-)
diff --git a/man2/seccomp.2 b/man2/seccomp.2
index 8b869a9f57..8b0bd6e38e 100644
--- a/man2/seccomp.2
+++ b/man2/seccomp.2
@@ -306,6 +306,20 @@ but also to explicitly reject all system calls that contain
in
.IR nr .
+The
+.I instruction_pointer
+field provides the address of the machine-language instruction that
+performed the system call.
+This might be useful in conjunction with the use of
+.I /proc/[pid]/maps
+to perform checks based on which region (mapping) of the program
+made the system call.
+(Probably, it is wise to lock down the
+.BR mmap (2)
+and
+.BR mprotect (2)
+system calls to prevent the program from subverting such checks.)
+
When checking values from
.IR args
against a blacklist, keep in mind that arguments are often
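Review bot: The sentence "This might be useful in conjunction with the use of /proc/[pid]/maps" leaves out the step that makes the mmap(2)/mprotect(2) caveat necessary: a BPF filter cannot consult /proc at run time, so the mapping bounds must be read from /proc/[pid]/maps before the filter is installed and compiled into the filter as constants. Suggest saying so, and replacing the hedge "(Probably, it is wise to lock down ... )" with a direct statement of the threat, e.g. "Because a program can create or change mappings after the filter is installed, a filter that relies on instruction_pointer should also restrict mmap(2) and mprotect(2) (and mremap(2), which can move a mapping)." It is also worth verifying whether the value recorded in instruction_pointer is the address of the system call instruction itself or of the instruction following it, since "the machine-language instruction that performed the system call" commits to the former; if it is the saved (already advanced) user instruction pointer, the wording should say so, as range checks that test for the exact address of the instruction would otherwise be off by the length of that instruction.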
@@ -777,6 +791,7 @@ main(int argc, char **argv)
.BR prctl (2),
.BR ptrace (2),
.BR sigaction (2),
+.BR proc (5),
.BR signal (7),
.BR socket (7)
.sp