seccomp.2: Some reworking of Tycho's SECCOMP_RET_USER_NOTIF patch

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

diff --git a/man2/seccomp.2 b/man2/seccomp.2
index 5ead163b78bfea667f0572e31ae0ff09f9d766a6..9f729a728916a3f0bdb406844b3c05b558c17568 100644 (file)
--- a/man2/seccomp.2
+++ b/man2/seccomp.2
@@ -600,16 +600,21 @@ portion of the filter's return value being passed to user space as the
 .IR errno
 value without executing the system call.
 .TP
-.BR SECCOMP_RET_USER_NOTIF " (since Linux 4.21)"
-Forwards the syscall to an attached listener in userspace to allow userspace to
-decide what to do with the syscall. If there is no attached listener (either
+.BR SECCOMP_RET_USER_NOTIF " (since Linux 5.0)"
+.\" commit 6a21cc50f0c7f87dae5259f6cfefe024412313f6
+Forward the system call to an attached user-space listening
+process to allow that process to decide what to do with the system call.
+If there is no attached listener (either
 because the filter was not installed with the
 .BR SECCOMP_FILTER_FLAG_NEW_LISTENER
-or because the fd was closed), the filter returns
+flag or because the file descriptor was closed), the filter returns
 .BR ENOSYS
-similar to what happens when a filter returns
+(similar to what happens when a filter returns
 .BR SECCOMP_RET_TRACE
-and there is no tracer. See "Userspace Notification" below for more details.
+and there is no tracer).
+See
+.BR seccomp_unotify (2)
+for further details.
 .TP
 .BR SECCOMP_RET_TRACE
 When returned, this value will cause the kernel to attempt to notify a