On Tue, Jun 17, 2008 at 7:34 PM, Andrea Arcangeli <andrea@xxxxxxxxxxxx> wrote:
> On Tue, Jun 17, 2008 at 12:12:14PM -0400, Valdis.Kletnieks@xxxxxx wrote:
>> On Tue, 17 Jun 2008 15:32:29 +0200, Michael Kerrisk said:
>> > On Mon, Jun 16, 2008 at 6:25 PM, Andrea Arcangeli <andrea@xxxxxxxxxxxx> wrote:
>> > > On Mon, Jun 16, 2008 at 02:15:13PM +0200, Michael Kerrisk wrote:
>>
>> > >> PR_GET_SECCOMP (since Linux 2.6.23)
>> > >>        Return the secure computing mode of the calling thread.
>> > >>        Not very useful: if the caller is not in secure computing
>> > >>        mode, this operation returns 0; if the caller is in secure
>> > >>        computing mode, then the prctl() call will cause a SIGKILL
>> > >>        signal to be sent to the process. This operation is only
>> > >>        available if the kernel is configured with CONFIG_SECCOMP
>> > >>        enabled.
>>
>> Would it make sense to change the text to read "Not very useful for the
>> current implementation of mode=1" and/or add that it may be useful for
>
> Yes, makes sense to me ;).

I've made a change something like you suggest, Valdis. But I'm still
not really convinced that it will be useful in the future. The
problem is that as things stand, we would *never* be able to safely
make the prctl(PR_GET_SECCOMP) call, since there is a chance (if mode
is 1) that we would be killed by SIGKILL.

--
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
man-pages online: http://www.kernel.org/doc/man-pages/online_pages.html
Found a bug? http://www.kernel.org/doc/man-pages/reporting_bugs.html
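The behaviour discussed in this thread can be observed from a parent process that survives the query. The following is an added example, not part of the original message or of the man-pages project: the helper `probe_get_seccomp()` and the `PROBE_*` codes are hypothetical names, and it assumes a Linux kernel built with CONFIG_SECCOMP. It reports `PROBE_UNAVAILABLE` when mode 1 cannot be entered, for instance when the process already runs under another seccomp mode.

```c
#define _GNU_SOURCE
#include <linux/seccomp.h>
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical result codes for this example. */
enum { PROBE_ERROR = -1, PROBE_UNAVAILABLE = -2, PROBE_SIGKILLED = -3 };

/* Call prctl(PR_GET_SECCOMP) in a forked child so the caller survives.
 * If enter_strict is non-zero the child first enters seccomp mode 1.
 * Returns the mode the child read (0 = none; 2 = filter mode on later
 * kernels) or one of the PROBE_* codes above. */
static int probe_get_seccomp(int enter_strict)
{
    pid_t pid = fork();
    if (pid < 0)
        return PROBE_ERROR;
    if (pid == 0) {
        if (enter_strict &&
            prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT, 0, 0, 0) != 0)
            syscall(SYS_exit, 100);          /* could not enter mode 1 */
        /* In mode 1, prctl() is not a permitted syscall: SIGKILL here. */
        int mode = prctl(PR_GET_SECCOMP, 0, 0, 0, 0);
        /* Raw exit(2): _exit() uses exit_group, which mode 1 forbids. */
        syscall(SYS_exit, mode < 0 ? 101 : mode);
    }
    int status;
    if (waitpid(pid, &status, 0) != pid)
        return PROBE_ERROR;
    if (WIFSIGNALED(status))
        return WTERMSIG(status) == SIGKILL ? PROBE_SIGKILLED : PROBE_ERROR;
    if (!WIFEXITED(status))
        return PROBE_ERROR;
    int code = WEXITSTATUS(status);
    return (code == 100 || code == 101) ? PROBE_UNAVAILABLE : code;
}

int main(void)
{
    printf("outside mode 1: %d\n", probe_get_seccomp(0));
    printf("inside mode 1:  %d\n", probe_get_seccomp(1));
    return 0;
}
```

The query never returns 1 to the child: the only way the mode-1 state becomes visible is through the wait status collected by the parent.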