From: Michael Kerrisk Date: Thu, 15 Oct 2020 11:02:36 +0000 (+0200) Subject: seccomp.2: Warn reader that SECCOMP_RET_TRACE can be overridden X-Git-Tag: man-pages-5.09~161 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4b6e3782e163bcc05ca2464647ce990af079feb7;p=thirdparty%2Fman-pages.git seccomp.2: Warn reader that SECCOMP_RET_TRACE can be overridden Highlight to the reader that if another filter returns a higher-precedence action value, then the ptracer will not be notified. Reported-by: Jann Horn Signed-off-by: Michael Kerrisk --- diff --git a/man2/seccomp.2 b/man2/seccomp.2 index 9d42f22f93..4cacbbde5d 100644 --- a/man2/seccomp.2 +++ b/man2/seccomp.2 @@ -606,6 +606,10 @@ allow use of of other sandboxed processes\(emwithout extreme care; ptracers can use this mechanism to escape from the seccomp sandbox.) +.IP +Note that a tracer process will not be notified +if another filter returns an action value with a precedence greater than +.BR SECCOMP_RET_TRACE . .TP .BR SECCOMP_RET_LOG " (since Linux 4.14)" .\" commit 59f5cf44a38284eb9e76270c786fb6cc62ef8ac4
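Review bot: The added .IP paragraph says the tracer is not notified when another filter returns "an action value with a precedence greater than SECCOMP_RET_TRACE", but it does not point the reader to where that ordering is defined or say what happens to the system call instead. Consider adding a cross-reference to the page's description of action precedence, plus a clause stating that the call is then handled according to the higher-precedence action. A reader who relies on a tracer to vet system calls would then know the tracer is skipped for that call. As a wording nit, "precedence greater than" could follow the commit message's "higher-precedence" phrasing for consistency.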