On Thu, Oct 01, 2020 at 02:06:10PM -0700, Sargun Dhillon wrote:
> On Wed, Sep 30, 2020 at 4:07 AM Michael Kerrisk (man-pages)
> <mtk.manpages@xxxxxxxxx> wrote:
> >
> > Hi Tycho, Sargun (and all),
> >
> > I knew it would be a big ask, but below is kind of the manual page
> > I was hoping you might write [1] for the seccomp user-space notification
> > mechanism. Since you didn't (and because 5.9 adds various new pieces
> > such as SECCOMP_ADDFD_FLAG_SETFD and SECCOMP_IOCTL_NOTIF_ADDFD
> > that also will need documenting [2]), I did :-). But of course I may
> > have made mistakes...
> >
> > I've shown the rendered version of the page below, and would love
> > to receive review comments from you and others, and acks, etc.
> >
> > There are a few FIXMEs sprinkled into the page, including one
> > that relates to what appears to me to be a misdesign (possibly
> > fixable) in the operation of the SECCOMP_IOCTL_NOTIF_RECV
> > operation. I would be especially interested in feedback on that
> > FIXME, and also of course the other FIXMEs.
> >
> > The page includes an extensive (albeit slightly contrived)
> > example program, and I would be happy also to receive comments
> > on that program.
> >
> > The page source currently sits in a branch (along with the text
> > that you sent me for the seccomp(2) page) at
> > https://git.kernel.org/pub/scm/docs/man-pages/man-pages.git/log/?h=seccomp_user_notif
> >
> > Thanks,
> >
> > Michael
> >
> > [1] https://lore.kernel.org/linux-man/2cea5fec-e73e-5749-18af-15c35a4bd23c@xxxxxxxxx/#t
> > [2] Sargun, can you prepare something on SECCOMP_ADDFD_FLAG_SETFD
> > and SECCOMP_IOCTL_NOTIF_ADDFD to be added to this page?
> >
> > ====
> >
> > --
> > Michael Kerrisk
> > Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
> > Linux/UNIX System Programming Training: http://man7.org/training/
>
> Should we consider the SECCOMP_GET_NOTIF_SIZES dance to be "deprecated" at
> this point, given that the extensible ioctl mechanism works? If we add
> new fields to the seccomp datastructures, we would move them from
> fixed-size ioctls, to variable sized ioctls that encode the
> datastructure size / length?
>
> -- This is mostly a question for Kees and Tycho.

It will tell you how big struct seccomp_data in the currently running
kernel is, so it still seems useful/necessary to me, unless there's
another way to figure that out.

But I agree, I don't think the intent is to add anything else to
struct seccomp_notif. (I don't know that it ever was.)

Tycho