From: Michael Kerrisk Date: Wed, 14 Oct 2020 06:05:15 +0000 (+0200) Subject: seccomp.2, seccomp_user_notif.2: Clarify that there can be only one SECCOMP_FILTER_FL... X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7c3b208398154e0b63f95d1329c3efa6d722eb1b;p=thirdparty%2Fman-pages.git seccomp.2, seccomp_user_notif.2: Clarify that there can be only one SECCOMP_FILTER_FLAG_NEW_LISTENER Reported-by: Christian Brauner Signed-off-by: Michael Kerrisk --- diff --git a/man2/seccomp.2 b/man2/seccomp.2 index 7617537ceb..362210551c 100644 --- a/man2/seccomp.2 +++ b/man2/seccomp.2 @@ -222,6 +222,11 @@ return a new user-space notification file descriptor. When the filter returns .BR SECCOMP_RET_USER_NOTIF a notification will be sent to this file descriptor. +.IP +At most one seccomp filter using the +.BR SECCOMP_FILTER_FLAG_NEW_LISTENER +flag can be installed for a thread. +.IP See .BR seccomp_user_notif (2) for further details. @@ -798,6 +803,12 @@ capability in its user namespace, or had not set before using .BR SECCOMP_SET_MODE_FILTER . .TP +.BR EBUSY +While installing a new filter, the +.BR SECCOMP_FILTER_FLAG_NEW_LISTENER +flag was specified, +but a previous filter had already been installed with that flag. +.TP .BR EFAULT .IR args was not a valid address. diff --git a/man2/seccomp_user_notif.2 b/man2/seccomp_user_notif.2 index 7a4b9d3b41..322386da52 100644 --- a/man2/seccomp_user_notif.2 +++ b/man2/seccomp_user_notif.2 @@ -92,6 +92,7 @@ Consequently, the return value of the (successful) .BR seccomp (2) call is a new "listening" file descriptor that can be used to receive notifications. +Only one such "listener" can be established. .IP \(bu In cases where it is appropriate, the seccomp filter returns the action value .BR SECCOMP_RET_USER_NOTIF .
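Review bot: In man2/seccomp.2, the paragraph added in the @@ -222 hunk states the limit but not what happens when it is exceeded. The same patch documents EBUSY under ERRORS, so name it here as well, for example "A further attempt to install such a filter fails with the error EBUSY." The phrase "for a thread" also leaves open whether a filter that the thread inherited counts against the limit; it is worth stating this either way.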
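Review bot: In the EBUSY entry added to ERRORS in man2/seccomp.2 (the @@ -798 hunk), "a previous filter had already been installed with that flag" does not say on what. The text added to the description in this same patch scopes the limit to a thread, so use the same scope here, for example "but a filter had already been installed for the calling thread with that flag".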
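Review bot: In man2/seccomp_user_notif.2 (the @@ -92 hunk), the added sentence 'Only one such "listener" can be established.' gives no scope, so it can be read as one per filter, one per process, or one system-wide, while seccomp.2 in this patch says the limit applies to a thread. Suggest stating the scope in this sentence and pointing the reader to the EBUSY error in seccomp(2), so the two pages agree.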