[PATCH 17/32] seccomp_unotify.2: Minor tweaks to Rodrigo's patch

[PATCH 00/32] Patches from others · Alejandro Colomar <hidden> · 2021-07-28
[PATCH 01/32] readv2: Note preadv2(..., RWF_NOWAIT) bug in BUGS section · Alejandro Colomar <hidden> · 2021-07-28
Re: [PATCH 01/32] readv2: Note preadv2(..., RWF_NOWAIT) bug in BUGS section · Michael Kerrisk (man-pages) <hidden> · 2021-08-08
[PATCH 02/32] readv.2: Minor tweaks to Will's patch · Alejandro Colomar <hidden> · 2021-07-28
Re: [PATCH 02/32] readv.2: Minor tweaks to Will's patch · Michael Kerrisk (man-pages) <hidden> · 2021-08-08
Re: [PATCH 02/32] readv.2: Minor tweaks to Will's patch · Michael Kerrisk (man-pages) <hidden> · 2021-08-08
[PATCH 03/32] vdso.7: Remove outdated limitation for powerpc · Alejandro Colomar <hidden> · 2021-07-28
Re: [PATCH 03/32] vdso.7: Remove outdated limitation for powerpc · Michael Kerrisk (man-pages) <hidden> · 2021-08-08
Re: [PATCH 03/32] vdso.7: Remove outdated limitation for powerpc · Alejandro Colomar (man-pages) <hidden> · 2021-08-08
[PATCH 04/32] vdso.7: Add y2038 compliant gettime for ppc/32 · Alejandro Colomar <hidden> · 2021-07-28
Re: [PATCH 04/32] vdso.7: Add y2038 compliant gettime for ppc/32 · Michael Kerrisk (man-pages) <hidden> · 2021-08-08
Re: [PATCH 04/32] vdso.7: Add y2038 compliant gettime for ppc/32 · Alejandro Colomar (man-pages) <hidden> · 2021-08-08
Re: [PATCH 04/32] vdso.7: Add y2038 compliant gettime for ppc/32 · Michael Kerrisk (man-pages) <hidden> · 2021-08-08
Re: [PATCH 04/32] vdso.7: Add y2038 compliant gettime for ppc/32 · Michael Kerrisk (man-pages) <hidden> · 2021-08-08
[PATCH 06/32] man2/fallocate.2: tfix documentation of shared blocks · Alejandro Colomar <hidden> · 2021-07-28
Re: [PATCH 06/32] man2/fallocate.2: tfix documentation of shared blocks · Michael Kerrisk (man-pages) <hidden> · 2021-08-08
[PATCH 05/32] posixoptions.7: Fix legacy functions list (s/getcwd/getwd/) · Alejandro Colomar <hidden> · 2021-07-28
Re: [PATCH 05/32] posixoptions.7: Fix legacy functions list (s/getcwd/getwd/) · Michael Kerrisk (man-pages) <hidden> · 2021-08-08
[PATCH 07/32] printf.3: wfix · Alejandro Colomar <hidden> · 2021-07-28
Re: [PATCH 07/32] printf.3: wfix · Michael Kerrisk (man-pages) <hidden> · 2021-08-07
Re: [PATCH 07/32] printf.3: wfix · Alejandro Colomar (man-pages) <hidden> · 2021-08-07
Re: [PATCH 07/32] printf.3: wfix · Alejandro Colomar (man-pages) <hidden> · 2021-08-07
Re: [PATCH 07/32] printf.3: wfix · Michael Kerrisk (man-pages) <hidden> · 2021-08-07
Re: [PATCH 07/32] printf.3: wfix · Sergey Petrakov <hidden> · 2021-08-11
Re: [PATCH 07/32] printf.3: wfix · Michael Kerrisk (man-pages) <hidden> · 2021-08-11
[PATCH 09/32] path_resolution.7: tfix · Alejandro Colomar <hidden> · 2021-07-28
Re: [PATCH 09/32] path_resolution.7: tfix · Michael Kerrisk (man-pages) <hidden> · 2021-08-07
[PATCH 08/32] Various pages: Consistently use '*argv[]' · Alejandro Colomar <hidden> · 2021-07-28
Re: [PATCH 08/32] Various pages: Consistently use '*argv[]' · Michael Kerrisk (man-pages) <hidden> · 2021-08-07
[PATCH 12/32] capabilities.7: tfix · Alejandro Colomar <hidden> · 2021-07-28
Re: [PATCH 12/32] capabilities.7: tfix · Michael Kerrisk (man-pages) <hidden> · 2021-08-07
[PATCH 10/32] futex.2: Document FUTEX_LOCK_PI2 · Alejandro Colomar <hidden> · 2021-07-28
Re: [PATCH 10/32] futex.2: Document FUTEX_LOCK_PI2 · Alejandro Colomar (man-pages) <hidden> · 2021-07-29
Re: [PATCH 10/32] futex.2: Document FUTEX_LOCK_PI2 · Michael Kerrisk (man-pages) <hidden> · 2021-08-07
[PATCH 11/32] futex.2: Minor tweaks to Kurt's patch · Alejandro Colomar <hidden> · 2021-07-28
Re: [PATCH 11/32] futex.2: Minor tweaks to Kurt's patch · Alejandro Colomar (man-pages) <hidden> · 2021-07-29
Re: [PATCH 11/32] futex.2: Minor tweaks to Kurt's patch · Michael Kerrisk (man-pages) <hidden> · 2021-08-07
[PATCH 13/32] user_namespaces.7: fix a ref · Alejandro Colomar <hidden> · 2021-07-28
Re: [PATCH 13/32] user_namespaces.7: fix a ref · Michael Kerrisk (man-pages) <hidden> · 2021-08-07
[PATCH 14/32] capabilities.7, user_namespaces.7: describe CAP_SETFCAP · Alejandro Colomar <hidden> · 2021-07-28
Re: [PATCH 14/32] capabilities.7, user_namespaces.7: describe CAP_SETFCAP · Michael Kerrisk (man-pages) <hidden> · 2021-08-08
Re: [PATCH 14/32] capabilities.7, user_namespaces.7: describe CAP_SETFCAP · Michael Kerrisk (man-pages) <hidden> · 2021-08-08
[PATCH 16/32] seccomp_unotify.2: Add doc for SECCOMP_ADDFD_FLAG_SEND · Alejandro Colomar <hidden> · 2021-07-28
Re: [PATCH 16/32] seccomp_unotify.2: Add doc for SECCOMP_ADDFD_FLAG_SEND · Michael Kerrisk (man-pages) <hidden> · 2021-08-08
Re: [PATCH 16/32] seccomp_unotify.2: Add doc for SECCOMP_ADDFD_FLAG_SEND · Rodrigo Campos <hidden> · 2021-08-09
[PATCH 15/32] capabilities.7: Minor tweaks to Kir's patch · Alejandro Colomar <hidden> · 2021-07-28
Re: [PATCH 15/32] capabilities.7: Minor tweaks to Kir's patch · Alejandro Colomar (man-pages) <hidden> · 2021-07-29
Re: [PATCH 15/32] capabilities.7: Minor tweaks to Kir's patch · Michael Kerrisk (man-pages) <hidden> · 2021-08-08
[PATCH 17/32] seccomp_unotify.2: Minor tweaks to Rodrigo's patch · Alejandro Colomar <hidden> · 2021-07-28
Re: [PATCH 17/32] seccomp_unotify.2: Minor tweaks to Rodrigo's patch · Alejandro Colomar (man-pages) <hidden> · 2021-07-29
Re: [PATCH 17/32] seccomp_unotify.2: Minor tweaks to Rodrigo's patch · Michael Kerrisk (man-pages) <hidden> · 2021-08-08
Re: [PATCH 17/32] seccomp_unotify.2: Minor tweaks to Rodrigo's patch · Alejandro Colomar (man-pages) <hidden> · 2021-08-08
[PATCH 18/32] recv.2: tfix · Alejandro Colomar <hidden> · 2021-07-28
Re: [PATCH 18/32] recv.2: tfix · Michael Kerrisk (man-pages) <hidden> · 2021-08-07
[PATCH 19/32] ascii.7: add vertical rule to separate the two columns · Alejandro Colomar <hidden> · 2021-07-28
Re: [PATCH 19/32] ascii.7: add vertical rule to separate the two columns · Michael Kerrisk (man-pages) <hidden> · 2021-08-07
[PATCH 20/32] wait.2: Add ESRCH for when pid == INT_MIN · Alejandro Colomar <hidden> · 2021-07-28
Re: [PATCH 20/32] wait.2: Add ESRCH for when pid == INT_MIN · Michael Kerrisk (man-pages) <hidden> · 2021-08-07
[PATCH 21/32] seccomp_unotify.2: tfix · Alejandro Colomar <hidden> · 2021-07-28
Re: [PATCH 21/32] seccomp_unotify.2: tfix · Michael Kerrisk (man-pages) <hidden> · 2021-08-08
[PATCH 22/32] proc.5: tfix · Alejandro Colomar <hidden> · 2021-07-28
Re: [PATCH 22/32] proc.5: tfix · Michael Kerrisk (man-pages) <hidden> · 2021-08-07
[PATCH 23/32] scripts/bash_aliases: tfix · Alejandro Colomar <hidden> · 2021-07-28
Re: [PATCH 23/32] scripts/bash_aliases: tfix · Michael Kerrisk (man-pages) <hidden> · 2021-08-07
[PATCH 24/32] namespaces.7: fix confusion caused by text reorganization · Alejandro Colomar <hidden> · 2021-07-28
Re: [PATCH 24/32] namespaces.7: fix confusion caused by text reorganization · Michael Kerrisk (man-pages) <hidden> · 2021-08-07
[PATCH 25/32] pipe.7: also mention writev(2) in atomicity sexion · Alejandro Colomar <hidden> · 2021-07-28
Re: [PATCH 25/32] pipe.7: also mention writev(2) in atomicity sexion · Michael Kerrisk (man-pages) <hidden> · 2021-08-08
[PATCH 26/32] tkill.2: tfix · Alejandro Colomar <hidden> · 2021-07-28
Re: [PATCH 26/32] tkill.2: tfix · Michael Kerrisk (man-pages) <hidden> · 2021-08-07
[PATCH 27/32] strstr.3: Add special case for empty needle · Alejandro Colomar <hidden> · 2021-07-28
Re: [PATCH 27/32] strstr.3: Add special case for empty needle · Michael Kerrisk (man-pages) <hidden> · 2021-08-07
[PATCH 28/32] sigaction.2: Document SA_EXPOSE_TAGBITS and the flag support detection protocol · Alejandro Colomar <hidden> · 2021-07-28
Re: [PATCH 28/32] sigaction.2: Document SA_EXPOSE_TAGBITS and the flag support detection protocol · Michael Kerrisk (man-pages) <hidden> · 2021-08-08
[PATCH 29/32] sigaction.2: Apply minor tweaks to Peter's patch · Alejandro Colomar <hidden> · 2021-07-28
Re: [PATCH 29/32] sigaction.2: Apply minor tweaks to Peter's patch · Alejandro Colomar (man-pages) <hidden> · 2021-07-29
Re: [PATCH 29/32] sigaction.2: Apply minor tweaks to Peter's patch · Michael Kerrisk (man-pages) <hidden> · 2021-08-08
[PATCH 30/32] strlen.3, wcslen.3: Add recommendations for safer variants · Alejandro Colomar <hidden> · 2021-07-28
Re: [PATCH 30/32] strlen.3, wcslen.3: Add recommendations for safer variants · Michael Kerrisk (man-pages) <hidden> · 2021-08-07
Re: [PATCH 30/32] strlen.3, wcslen.3: Add recommendations for safer variants · Alejandro Colomar (man-pages) <hidden> · 2021-08-08
Re: [PATCH 30/32] strlen.3, wcslen.3: Add recommendations for safer variants · Alejandro Colomar (man-pages) <hidden> · 2021-08-08
Re: [PATCH 30/32] strlen.3, wcslen.3: Add recommendations for safer variants · Michael Kerrisk (man-pages) <hidden> · 2021-08-08
Re: [PATCH 30/32] strlen.3, wcslen.3: Add recommendations for safer variants · Alejandro Colomar (man-pages) <hidden> · 2021-08-08
Re: [PATCH 30/32] strlen.3, wcslen.3: Add recommendations for safer variants · Michael Kerrisk (man-pages) <hidden> · 2021-08-08
Re: [PATCH 30/32] strlen.3, wcslen.3: Add recommendations for safer variants · Jonny Grant <hidden> · 2021-08-08
[PATCH 31/32] time.2: wfix regarding year-2038 · Alejandro Colomar <hidden> · 2021-07-28
Re: [PATCH 31/32] time.2: wfix regarding year-2038 · G. Branden Robinson <hidden> · 2021-07-29
Re: [PATCH 31/32] time.2: wfix regarding year-2038 · Viet Than <hidden> · 2021-07-30
Re: [PATCH 31/32] time.2: wfix regarding year-2038 · Michael Kerrisk (man-pages) <hidden> · 2021-08-07
[PATCH 32/32] execve.2: Fix absolute/relative pathname · Alejandro Colomar <hidden> · 2021-07-28
Re: [PATCH 32/32] execve.2: Fix absolute/relative pathname · Michael Kerrisk (man-pages) <hidden> · 2021-08-08
Re: [PATCH 00/32] Patches from others · Michael Kerrisk (man-pages) <hidden> · 2021-08-08

STALE1750d

Revisions (2)

2021-05-09 v1 [diff vs current]
2021-07-28 v1 current

From: Alejandro Colomar <hidden>
Date: 2021-07-28 20:20:33
Subsystem: the rest · Maintainer: Linus Torvalds

Signed-off-by: Alejandro Colomar <redacted>
---
 man2/seccomp_unotify.2 | 32 +++++++++++++++++---------------
 1 file changed, 17 insertions(+), 15 deletions(-)

diff --git a/man2/seccomp_unotify.2 b/man2/seccomp_unotify.2
index 9bd27214f..ae449ae36 100644
--- a/man2/seccomp_unotify.2
+++ b/man2/seccomp_unotify.2

@@ -740,16 +740,18 @@ use the file descriptor number specified in the
 .I newfd
 field.
 .TP
-.BR SECCOMP_ADDFD_FLAG_SEND
-Available since Linux 5.14, combines the
+.BR SECCOMP_ADDFD_FLAG_SEND " (since Linux 5.14)"
+Combines the
 .B SECCOMP_IOCTL_NOTIF_ADDFD
 ioctl with
 .B SECCOMP_IOCTL_NOTIF_SEND
-into an atomic operation. On successful invocation, the target process's
-errno will be 0 and the return value will be the file descriptor number that was
-installed in the target. If allocating the file descriptor in the tatget fails,
-the target's syscall continues to be blocked until a successful response is
-sent.
+into an atomic operation.
+On successful invocation, the target process's errno will be 0
+and the return value will be the file descriptor number
+that was installed in the target.
+If allocating the file descriptor in the tatget fails,
+the target's syscall continues to be blocked
+until a successful response is sent.
 .RE
 .TP
 .I srcfd

@@ -1149,14 +1151,6 @@ that would
 normally be restarted by the
 .BR SA_RESTART
 flag.
-.PP
-Furthermore, if the supervisor response is a file descriptor
-added with
-.B SECCOMP_IOCTL_NOTIF_ADDFD,
-then the flag
-.B SECCOMP_ADDFD_FLAG_SEND
-can be used to atomically add the file descriptor and return that value,
-making sure no file descriptors are inadvertently leaked into the target.
 .\" FIXME
 .\" About the above, Kees Cook commented:
 .\"

@@ -1176,6 +1170,14 @@ making sure no file descriptors are inadvertently leaked into the target.
 .\" calls because it's impossible for the kernel to restart the call
 .\" with the right timeout value. I wonder what happens when those
 .\" system calls are restarted in the scenario we're discussing.)
+.PP
+Furthermore, if the supervisor response is a file descriptor
+added with
+.B SECCOMP_IOCTL_NOTIF_ADDFD,
+then the flag
+.B SECCOMP_ADDFD_FLAG_SEND
+can be used to atomically add the file descriptor and return that value,
+making sure no file descriptors are inadvertently leaked into the target.
 .SH BUGS
 If a
 .BR SECCOMP_IOCTL_NOTIF_RECV

-- 
2.32.0

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help