On Mon, Oct 22, 2012 at 12:34 AM, Michael Kerrisk (man-pages) <mtk.manpages@xxxxxxxxx> wrote:
> Kees,
>
> A couple of questions about SECCOMP_MODE_FILTER.
>
> I added some words that the arg3 is a pointer to 'struct fprog'. Can
> you confirm that's correct?

Correct. Good idea to add this detail.

> If the CONFIG_SECCOMP_FILTER permits fork(), is the seccomp setting
> inherited across fork()? Similar question for execve().

Yes for both. Additionally, the filters are cumulative. (If the filters allow prctl, additional filters can be appended; they are run in order until the first non-allow result is seen.)

-Kees

--
Kees Cook
Chrome OS Security
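
The fork() inheritance and filter stacking discussed in this thread can be observed directly; the following is an added example, not code from the thread or from the man page. It assumes Linux with CONFIG_SECCOMP_FILTER, passes the filter program as a `struct sock_fprog` from `<linux/filter.h>`, and uses the hypothetical helper names `deny` and `inherited_filters`.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Append a filter: syscall `nr` fails with `err`, everything else is allowed.
 * Demo only: a production filter should also check seccomp_data.arch. */
static int deny(int nr, int err)
{
    struct sock_filter insns[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, nr, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (err & SECCOMP_RET_DATA)),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = 4, .filter = insns };
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog); /* arg3 = &prog */
}

/* Bitmask seen in a forked grandchild: 1 = first filter enforced,
 * 2 = appended second filter enforced; -1 if seccomp setup failed. */
int inherited_filters(void)
{
    int status;
    pid_t pid = fork();                 /* keep the caller itself unfiltered */
    if (pid < 0) return -1;
    if (pid == 0) {
        /* no_new_privs lets an unprivileged process install filters; the
         * second deny() works because the first filter still allows prctl. */
        if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) ||
            deny(SYS_getppid, EPERM) || deny(SYS_getpid, EACCES))
            _exit(100);
        pid_t g = fork();               /* filters follow across fork() */
        if (g < 0) _exit(100);
        if (g == 0) {
            int seen = 0;
            if (syscall(SYS_getppid) == -1 && errno == EPERM) seen |= 1;
            if (syscall(SYS_getpid) == -1 && errno == EACCES) seen |= 2;
            _exit(seen);
        }
        if (waitpid(g, &status, 0) < 0 || !WIFEXITED(status)) _exit(100);
        _exit(WEXITSTATUS(status));
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status) == 100 ? -1 : WEXITSTATUS(status);
}
```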