seccomp.2: Add some details for SECCOMP_FILTER_FLAG_NEW_LISTENER

Rework the description a little, and note that the close-on-exec
flag is set for the returned file descriptor.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

diff --git a/man2/seccomp.2 b/man2/seccomp.2
index 6cde0ad210f9607bae75ba8452ee5f22db17a4df..5aa3d7c6f01a184d458d9a2104b666a87dcc1bc3 100644 (file)
--- a/man2/seccomp.2
+++ b/man2/seccomp.2
@@ -219,8 +219,9 @@ file.
 .TP
 .BR SECCOMP_FILTER_FLAG_NEW_LISTENER " (since Linux 5.0)"
 .\" commit 6a21cc50f0c7f87dae5259f6cfefe024412313f6
-With this flag,
-a new user-space notification file descriptor is returned on success.
+After successfully installing the filter program,
+return a new user-space notification file descriptor.
+(The close-on-exec flag is set for the file descriptor.)
 When the filter returns
 .BR SECCOMP_RET_USER_NOTIF
 a notification will be sent to this file descriptor.