Re: [PATCH 2/2] seccomp.2: document userspace notification

> +.BR SECCOMP_RET_USER_NOTIF " (since Linux 4.21)"
> +Forwards the syscall to an attached listener in userspace to allow userspace to
> +decide what to do with the syscall. If there is no attached listener (either
> +because the filter was not installed with the
> +.BR SECCOMP_FILTER_FLAG_NEW_LISTENER
> +or because the fd was closed), the filter returns
> +.BR ENOSYS
> +similar to what happens when a filter returns
> +.BR SECCOMP_RET_TRACE
> +and there is no tracer. See "Userspace Notification" below for more details.
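
Review bot: In the parenthetical describing the no-listener case, "the filter was not installed with the" followed by ".BR SECCOMP_FILTER_FLAG_NEW_LISTENER" leaves the flag name without a noun, so the rendered sentence runs "installed with the SECCOMP_FILTER_FLAG_NEW_LISTENER or because the fd was closed"; adding the word "flag" on the line after the .BR request fixes it. The same sentence says "the filter returns ENOSYS" and then "a filter returns SECCOMP_RET_TRACE", using "returns" once for an error number and once for a filter action value. Wording along the lines of "the system call fails with the error ENOSYS" would keep the two meanings apart.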

Two more things need to be clearly stated here:
(1) The system call is *not* executed.
(2) Execution of the process blocks until the tracer sends a response.

Thanks,

Michael


