Kees, A couple of questions about SECCOMP_MODE_FILTER. I added some words that the arg3 is a pointer to 'struct fprog'. Can you confirm that's correct? If the CONFIG_SECCOMP_FILTER permits fork(), is the seccomp setting inherited across fork()? Similar question for execve(). Thanks, Michael
On Mon, Oct 22, 2012 at 6:56 AM, Michael Kerrisk (man-pages) <mtk.manpages@xxxxxxxxx> wrote: > Hello Kees, > > On Fri, Sep 21, 2012 at 1:37 AM, Kees Cook <keescook@xxxxxxxxxxxx> wrote: >> This adds a short summary of the arguments used for "mode 2" (BPF) >> seccomp. > > Thanks very much. Applied. > > Cheers, > > Michael > > >> Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx> >> --- >> man2/prctl.2 | 40 ++++++++++++++++++++++++++++++---------- >> 1 files changed, 30 insertions(+), 10 deletions(-) >> >> diff --git a/man2/prctl.2 b/man2/prctl.2 >> index eb53aa8..a44aa32 100644 >> --- a/man2/prctl.2 >> +++ b/man2/prctl.2 >> @@ -41,11 +41,12 @@ >> .\" 2012-04 Cyrill Gorcunov, Document PR_SET_MM >> .\" 2012-04-25 Michael Kerrisk, Document PR_TASK_PERF_EVENTS_DISABLE and >> .\" PR_TASK_PERF_EVENTS_ENABLE >> +.\" 2012-09-20 Kees Cook, update PR_SET_SECCOMP for mode 2 >> .\" >> .\" FIXME: Document PR_SET_TIMERSLACK and PR_GET_TIMERSLACK (new in 2.6.28) >> .\" commit 6976675d94042fbd446231d1bd8b7de71a980ada >> .\" >> -.TH PRCTL 2 2012-04-23 "Linux" "Linux Programmer's Manual" >> +.TH PRCTL 2 2012-09-20 "Linux" "Linux Programmer's Manual" >> .SH NAME >> prctl \- operations on a process >> .SH SYNOPSIS
>> @@ -235,11 +236,17 @@ in the location pointed to by >> .\" See http://thread.gmane.org/gmane.linux.kernel/542632 >> .\" [PATCH 0 of 2] seccomp updates >> .\" andrea@xxxxxxxxxxxx >> -Set the secure computing mode for the calling thread. >> -In the current implementation, >> +Set the secure computing mode for the calling thread, to limit >> +the available syscalls. >> +The seccomp mode is selected via >> +.IR arg2 . >> +(The seccomp constants are defined in >> +.IR <linux/seccomp.h> .) >> + >> +With >> .IR arg2 >> -must be 1. >> -After the secure computing mode has been set to 1, >> +set to >> +.BR SECCOMP_MODE_STRICT >> the only system calls that the thread is permitted to make are >> .BR read (2), >> .BR write (2), 
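Review bot: the new wording "+the available syscalls." uses "syscalls" while this page says "system calls" everywhere else, including the unchanged context of this very hunk ("the only system calls that the thread is permitted to make are"); suggest "to limit the available system calls." for consistency. Style point on the same hunk: the two bare "+" blank lines (after ".IR <linux/seccomp.h> .)" and before "+With") are raw blank input lines inside a .TP entry; man-pages source spells paragraph breaks there as .IP rather than an empty line, so these should become ".IP".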
>> @@ -249,22 +256,35 @@ and >> Other system calls result in the delivery of a >> .BR SIGKILL >> signal. >> -Secure computing mode is useful for number-crunching applications >> +Strict secure computing mode is useful for number-crunching applications >> that may need to execute untrusted byte code, >> perhaps obtained by reading from a pipe or socket. >> This operation is only available >> if the kernel is configured with CONFIG_SECCOMP enabled. >> + >> +With >> +.IR arg2 >> +set to >> +.BR SECCOMP_MODE_FILTER " (since Linux 3.5)" >> +the system calls allowed are >> +defined by a pointer passed in >> +.IR arg3 >> +to a Berkeley Packet Filter, which can be designed to filter >> +arbitrary syscalls and syscall arguments. >> +This mode is only available if the kernel is configured with >> +CONFIG_SECCOMP_FILTER enabled. >> + >> .TP >> .BR PR_GET_SECCOMP " (since Linux 2.6.23)" >> Return the secure computing mode of the calling thread. >> -Not very useful for the current implementation (mode equals 1), >> -but may be useful for other possible future modes: >> -if the caller is not in secure computing mode, this operation returns 0; >> -if the caller is in secure computing mode, then the >> +If the caller is not in secure computing mode, this operation returns 0; >> +if the caller is in strict secure computing mode, then the >> .BR prctl () >> call will cause a >> .B SIGKILL >> signal to be sent to the process. >> +If the caller is in filter mode, and this syscall is allowed by the >> +seccomp filters, it returns 2. >> This operation is only available >> if the kernel is configured with CONFIG_SECCOMP enabled. 
>> .TP >> -- >> 1.7.0.4 >> >> -- >> Kees Cook >> Chrome OS Security > > > > -- > Michael Kerrisk > Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/ > Author of "The Linux Programming Interface"; http://man7.org/tlpi/ -- Michael Kerrisk Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/ Author of "The Linux Programming Interface"; http://man7.org/tlpi/
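Review bot: the SECCOMP_MODE_FILTER paragraph ("+defined by a pointer passed in", "+.IR arg3", "+to a Berkeley Packet Filter") never names the type that arg3 points to, which is exactly the question the reply at the top of this thread has to ask; suggest stating it explicitly, and the type is struct sock_fprog (from <linux/filter.h>), not the 'struct fprog' guessed in that reply. Second gap in the same paragraph: the strict-mode text just above says disallowed calls get SIGKILL, but the filter-mode text says only that the filter "can be designed to filter arbitrary syscalls and syscall arguments" and nothing about what happens to a call the filter does not allow; since the outcome is chosen by the filter's return value rather than fixed at SIGKILL, one sentence saying so (or a pointer to the kernel's seccomp filter documentation) would stop readers assuming strict-mode behaviour. Same terminology nit as the previous hunk: "syscalls" here and in "+seccomp filters, it returns 2." should be "system calls" to match the rest of the page.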
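As an added example that is not part of the patch, of the man page, or of anything Kees or the man-pages project wrote, the following C program shows what a caller of the SECCOMP_MODE_FILTER interface described in the hunk above actually passes in arg3 (a struct sock_fprog from <linux/filter.h> wrapping a classic BPF program that runs against struct seccomp_data) and then answers the fork() question from the top of this message empirically: it installs an allow-list and forks, and the child reports PR_GET_SECCOMP without ever calling PR_SET_SECCOMP itself. It assumes x86_64, i386 or aarch64 and a kernel with CONFIG_SECCOMP_FILTER (Linux 3.5 or later); the names build_allowlist, install_filter, demo_nrs, demo_insns and demo_build are mine, and the syscall list in demo_nrs is my assumption about what glibc's fork() and waitpid() issue on those architectures.

```c
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* Assumption: one of these architectures. The arch check keeps a filter
 * written against one ABI's syscall numbers from being applied to another. */
#if defined(__x86_64__)
#define ARCH_NR AUDIT_ARCH_X86_64
#elif defined(__i386__)
#define ARCH_NR AUDIT_ARCH_I386
#elif defined(__aarch64__)
#define ARCH_NR AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* value for this architecture"
#endif

/* Fill buf with a classic BPF program that allows only the syscall numbers
 * in nrs[] (1..255 of them) and kills the thread for anything else:
 *   0: load arch   1: arch ok? skip 1   2: RET_KILL   3: load nr
 *   4..3+n: JEQ nrs[i], on match jump to RET_ALLOW
 *   4+n: RET_KILL  5+n: RET_ALLOW
 * Returns the instruction count, or 0 if buf is too small or n is out of range. */
size_t build_allowlist(struct sock_filter *buf, size_t cap,
                       const int *nrs, size_t n)
{
    size_t need = n + 6, i;
    if (n == 0 || n > 255 || cap < need)   /* jump offsets are 8-bit */
        return 0;
    buf[0] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
                                          offsetof(struct seccomp_data, arch));
    buf[1] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, ARCH_NR, 1, 0);
    buf[2] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL);
    buf[3] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
                                          offsetof(struct seccomp_data, nr));
    for (i = 0; i < n; i++)   /* match: jump over the remaining tests and the KILL */
        buf[4 + i] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K,
                                                  (unsigned)nrs[i], (unsigned char)(n - i), 0);
    buf[4 + n] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL);
    buf[5 + n] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    return need;
}

/* arg3 of PR_SET_SECCOMP points at this: {len, filter}. An unprivileged caller
 * must set no_new_privs first, otherwise PR_SET_SECCOMP fails with EACCES. */
int install_filter(const struct sock_fprog *prog)
{
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, prog, 0, 0);
}

/* Assumed set of syscalls glibc's fork()/waitpid() issue on x86_64/aarch64,
 * plus what main() itself uses; a missed one simply gets the thread SIGKILLed. */
static const int demo_nrs[] = {
    SYS_prctl, SYS_write, SYS_exit, SYS_exit_group, SYS_rt_sigreturn,
    SYS_rt_sigprocmask, SYS_set_robust_list, SYS_clone,
#ifdef SYS_clone3
    SYS_clone3,
#endif
#ifdef SYS_wait4
    SYS_wait4,
#endif
#ifdef SYS_waitid
    SYS_waitid,
#endif
};
struct sock_filter demo_insns[64];

/* Build the demo program into demo_insns; returns its instruction count. */
size_t demo_build(void)
{
    return build_allowlist(demo_insns, 64, demo_nrs,
                           sizeof demo_nrs / sizeof demo_nrs[0]);
}

int main(void)
{
    size_t n = demo_build();
    struct sock_fprog prog = { .len = (unsigned short)n, .filter = demo_insns };
    if (n == 0)
        return 1;
    printf("before filter: PR_GET_SECCOMP = %d\n", prctl(PR_GET_SECCOMP, 0, 0, 0, 0));
    fflush(stdout);                 /* no stdio once the filter is live */
    if (install_filter(&prog) != 0) {
        perror("PR_SET_SECCOMP");   /* nothing installed yet, stdio still safe */
        return 1;
    }
    pid_t pid = fork();
    if (pid == 0)                   /* child: hand back its own mode as exit status */
        _exit(prctl(PR_GET_SECCOMP, 0, 0, 0, 0));
    int status = 0;
    if (pid < 0 || waitpid(pid, &status, 0) != pid)
        _exit(3);
    /* '2' is the filter mode the patch documents for PR_GET_SECCOMP; the child
     * never called PR_SET_SECCOMP, so it got the filter from fork(). */
    char msg[] = "after fork: child PR_GET_SECCOMP = ?\n";
    msg[sizeof msg - 3] = (char)('0' + (WIFEXITED(status) ? WEXITSTATUS(status) : 9));
    if (write(STDOUT_FILENO, msg, sizeof msg - 1) < 0)
        _exit(4);
    _exit(0);
}
```

Build with `cc -Wall -o seccomp_demo seccomp_demo.c` and run it; the last line should read `after fork: child PR_GET_SECCOMP = 2`. Two things the filter-mode text in the patch leaves unsaid and that this exercise makes visible: the default action for a call outside the allow-list is whatever the program returns (here SECCOMP_RET_KILL, matching strict mode, but SECCOMP_RET_ERRNO and the other return values are equally valid), and the filter is kept across execve() as well as fork(), which is precisely why the kernel insists on no_new_privs (or CAP_SYS_ADMIN) before accepting one: a process must not be able to install a filter and then exec a set-user-ID binary under it.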