seccomp.2: Document SECCOMP_GET_NOTIF_SIZES

Signed-off-by: Tycho Andersen <tycho@tycho.ws>
CC: Kees Cook <keescook@chromium.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

diff --git a/man2/seccomp.2 b/man2/seccomp.2
index 4cacbbde5d53c33bc0fee552df164b4dca86e514..e5b5825442d241904224fe1bacbd631ae3c178e1 100644 (file)
--- a/man2/seccomp.2
+++ b/man2/seccomp.2
@@ -2,6 +2,7 @@
 .\" and Copyright (C) 2012 Will Drewry <wad@chromium.org>
 .\" and Copyright (C) 2008, 2014,2017 Michael Kerrisk <mtk.manpages@gmail.com>
 .\" and Copyright (C) 2017 Tyler Hicks <tyhicks@canonical.com>
+.\" and Copyright (C) 2020 Tycho Andersen <tycho@tycho.ws>
 .\"
 .\" %%%LICENSE_START(VERBATIM)
 .\" Permission is granted to make and distribute verbatim copies of this
@@ -247,6 +248,29 @@ The value of
 must be 0, and
 .IR args
 must be a pointer to an unsigned 32-bit filter return action.
+.TP
+.BR SECCOMP_GET_NOTIF_SIZES " (since Linux 4.21)"
+Get the sizes of the seccomp userspace notification structures. Since the
+structures include a struct seccomp_data which may grow in size, this command
+can be used to determine how much memory to allocate for sending and receiving
+notifications.
+.IP
+The value of
+.IR flags
+must be 0, and
+.IR args
+must be a pointer to a struct seccomp_notif_sizes, which looks like:
+.IP
+.in +4n
+.EX
+struct seccomp_notif_sizes
+    __u16 seccomp_notif;
+    __u16 seccomp_notif_resp;
+    __u16 seccomp_data;
+};
+.EE
+.in
+.PP
 .SS Filters
 When adding filters via
 .BR SECCOMP_SET_MODE_FILTER ,