Hello Tycho,

On 18 June 2015 at 23:31, Tycho Andersen <tycho.andersen@xxxxxxxxxxxxx> wrote:
> On Thu, Jun 18, 2015 at 12:27:48PM -0700, Kees Cook wrote:
>>
>> This should probably also mention the CAP_SYS_ADMIN requirement.
>> Otherwise, it looks good!
>
> Good point, attached is an updated patch.

Thanks for the patch. I applied, and updated the kernel version to be 4.3.

Cheers,

Michael

diff --git a/man2/ptrace.2 b/man2/ptrace.2 index c2c92cd..47c96b1 100644 --- a/man2/ptrace.2 +++ b/man2/ptrace.2 @@ -592,6 +592,18 @@ The seccomp event message data (from the .BR SECCOMP_RET_DATA portion of the seccomp filter rule) can be retrieved with .BR PTRACE_GETEVENTMSG . +.TP +.BR PTRACE_O_SUSPEND_SECCOMP " (since Linux 4.2)" +Suspend the tracee's seccomp protections. This applies regardless of mode, and +can be used when the tracee has not yet installed seccomp filters. That is, a +valid usecase is to suspend a tracee's seccomp protections before they are +installed by the tracee, let the tracee install the filters, and then clear +this flag when the filters should be resumed. Setting this option requires that +the tracer have +.BR CAP_SYS_ADMIN , +not have any seccomp protections installed, and not have +.BR PTRACE_O_SUSPEND_SECCOMP +set on itself. .RE .TP .BR PTRACE_GETEVENTMSG " (since Linux 2.5.46)"

--
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/
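Review bot: the attached hunk still reads `.BR PTRACE_O_SUSPEND_SECCOMP " (since Linux 4.2)"` while the cover note says the kernel version was changed to 4.3 on apply, so the committed text should be checked against the version that actually shipped the option rather than the one in this hunk. Two smaller points in the added paragraph: "usecase" should be "use case", and "This applies regardless of mode" is ambiguous about which mode; "regardless of the tracee's seccomp mode" would say what is meant. The requirements sentence is the security-relevant part of the entry (tracer must hold CAP_SYS_ADMIN, must itself have no seccomp protections installed, and must not have PTRACE_O_SUSPEND_SECCOMP set on itself); it would help readers if the text also stated the intent behind those three conditions, since as written it lists them without saying that they exist to stop a confined process from using this option to lift seccomp restrictions.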