author | Tycho Andersen <tycho.andersen@canonical.com> | 2015-09-11 13:53:28 +0200 |
---|---|---|
committer | Michael Kerrisk <mtk.manpages@gmail.com> | 2015-09-11 14:00:31 +0200 |
commit | e3cfeba2ff4f4aa45d8f0ea47c2ce6aa3c04c546 (patch) | |
tree | 6fcf8cad1ff980cdefb5a3c9cd65197c7a02eb5a | |
parent | a0742a27bedebf401a2270970368624fd11861be (diff) | |
download | man-pages-e3cfeba2ff4f4aa45d8f0ea47c2ce6aa3c04c546.tar.gz |
ptrace.2: Document PTRACE_O_SUSPEND_SECCOMP flag
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
CC: Kees Cook <keescook@chromium.org>
CC: Andy Lutomirski <luto@amacapital.net>
CC: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
-rw-r--r-- | man2/ptrace.2 | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/man2/ptrace.2 b/man2/ptrace.2 index c2c92cdf16..47c96b1c24 100644 --- a/man2/ptrace.2 +++ b/man2/ptrace.2 @@ -592,6 +592,18 @@ The seccomp event message data (from the .BR SECCOMP_RET_DATA portion of the seccomp filter rule) can be retrieved with .BR PTRACE_GETEVENTMSG . +.TP +.BR PTRACE_O_SUSPEND_SECCOMP " (since Linux 4.2)" +Suspend the tracee's seccomp protections. This applies regardless of mode, and +can be used when the tracee has not yet installed seccomp filters. That is, a +valid usecase is to suspend a tracee's seccomp protections before they are +installed by the tracee, let the tracee install the filters, and then clear +this flag when the filters should be resumed. Setting this option requires that +the tracer have +.BR CAP_SYS_ADMIN , +not have any seccomp protections installed, and not have +.BR PTRACE_O_SUSPEND_SECCOMP +set on itself. .RE .TP .BR PTRACE_GETEVENTMSG " (since Linux 2.5.46)" |
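Review bot: The closing requirements sentence of the new PTRACE_O_SUSPEND_SECCOMP entry (tracer must have CAP_SYS_ADMIN, have no seccomp protections installed, and not have the flag "set on itself") does not say what ptrace() returns when one of these conditions is not met. Because this option switches off a sandbox boundary, the entry should name the error so a caller can tell a permission failure from an unsupported option. "Set on itself" is also ambiguous and could be reworded to say the tracer must not itself be a tracee whose tracer has set this option on it. The text says to "clear this flag when the filters should be resumed" but not what happens to the suspension if the tracer detaches or exits first, which is worth a sentence. Style points: "usecase" should be "use case", and "This applies regardless of mode" begins mid-line after "protections."; new sentences should start on a new source line.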