+++ /dev/null
-.TH "seccomp_attr_set" 3 "21 August 2014" "paul@paul-moore.com" "libseccomp Documentation"
-.\" //////////////////////////////////////////////////////////////////////////
-.SH NAME
-.\" //////////////////////////////////////////////////////////////////////////
-seccomp_attr_set, seccomp_attr_get \- Manage the seccomp filter attributes
-.\" //////////////////////////////////////////////////////////////////////////
-.SH SYNOPSIS
-.\" //////////////////////////////////////////////////////////////////////////
-.nf
-.B #include <seccomp.h>
-.sp
-.B typedef void * scmp_filter_ctx;
-.B enum scmp_filter_attr;
-.sp
-.BI "int seccomp_attr_set(scmp_filter_ctx " ctx ","
-.BI " enum scmp_filter_attr " attr ", uint32_t " value ");"
-.BI "int seccomp_attr_get(scmp_filter_ctx " ctx ","
-.BI " enum scmp_filter_attr " attr ", uint32_t *" value ");"
-.sp
-Link with \fI\-lseccomp\fP.
-.fi
-.\" //////////////////////////////////////////////////////////////////////////
-.SH DESCRIPTION
-.\" //////////////////////////////////////////////////////////////////////////
-.P
-The
-.BR seccomp_attr_set ()
-function sets the different seccomp filter attributes while the
-.BR seccomp_attr_get ()
-function fetches the filter attributes. The seccomp filter attributes are
-tunable values that affect how the library behaves when generating and loading
-the seccomp filter into the kernel. The attributes are reset to their default
-values whenever the filter is initialized or reset via
-.BR seccomp_filter_init (3)
-or
-.BR seccomp_filter_reset (3).
-.P
-The filter context
-.I ctx
-is the value returned by the call to
-.BR seccomp_init (3).
-.P
-Valid
-.I attr
-values are as follows:
-.TP
-.B SCMP_FLTATR_ACT_DEFAULT
-The default filter action as specified in the call to
-.BR seccomp_filter_init (3)
-or
-.BR seccomp_filter_reset (3).
-This attribute is read-only.
-.TP
-.B SCMP_FLTATR_ACT_BADARCH
-The filter action taken when the loaded filter does not match the architecture
-of the executing application. Defaults to the
-.B SCMP_ACT_KILL
-action.
-.TP
-.B SCMP_FLTATR_CTL_NNP
-A flag to specify if the NO_NEW_PRIVS functionality should be enabled before
-loading the seccomp filter into the kernel. If set to off (
-.I value
-== 0) then loading the seccomp filter into the kernel will fail if CAP_SYS_ADMIN
-is not set. Defaults to on (
-.I value
-== 1).
-.TP
-.B SCMP_FLTATR_CTL_TSYNC
-A flag to specify if the kernel should attempt to synchronize the filters
-across all threads on
-.BR seccomp_load (3).
-If the kernel is unable to synchronize all of the thread then the load
-operation will fail. This flag is only available on Linux Kernel 3.17 or
-greater; attempting to enable this flag on earlier kernels will result in an
-error being returned. Defaults to off (
-.I value
-== 0).
-.\" //////////////////////////////////////////////////////////////////////////
-.SH RETURN VALUE
-.\" //////////////////////////////////////////////////////////////////////////
-Returns zero on success, negative errno values on failure.
-.\" //////////////////////////////////////////////////////////////////////////
-.SH EXAMPLES
-.\" //////////////////////////////////////////////////////////////////////////
-.nf
-#include <seccomp.h>
-
-int main(int argc, char *argv[])
-{
- int rc = \-1;
- scmp_filter_ctx ctx;
-
- ctx = seccomp_init(SCMP_ACT_ALLOW);
- if (ctx == NULL)
- goto out;
-
- /* ... */
-
- rc = seccomp_attr_set(ctx, SCMP_FLTATR_ACT_BADARCH, SCMP_ACT_TRAP);
- if (rc < 0)
- goto out;
-
- /* ... */
-
-out:
- seccomp_release(ctx);
- return \-rc;
-}
-.fi
-.\" //////////////////////////////////////////////////////////////////////////
-.SH NOTES
-.\" //////////////////////////////////////////////////////////////////////////
-.P
-While the seccomp filter can be generated independent of the kernel, kernel
-support is required to load and enforce the seccomp filter generated by
-libseccomp.
-.P
-The libseccomp project site, with more information and the source code
-repository, can be found at https://github.com/seccomp/libseccomp. This tool,
-as well as the libseccomp library, is currently under development, please
-report any bugs at the project site or directly to the author.
-.\" //////////////////////////////////////////////////////////////////////////
-.SH AUTHOR
-.\" //////////////////////////////////////////////////////////////////////////
-Paul Moore <paul@paul-moore.com>
-.\" //////////////////////////////////////////////////////////////////////////
-.SH SEE ALSO
-.\" //////////////////////////////////////////////////////////////////////////
-.BR seccomp_init (3),
-.BR seccomp_reset (3),
-.BR seccomp_load (3)
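Review bot: Deleting this page removes the DESCRIPTION entries that state the security-relevant defaults (SCMP_FLTATR_ACT_BADARCH defaults to SCMP_ACT_KILL, SCMP_FLTATR_CTL_NNP defaults to on and loading fails without CAP_SYS_ADMIN when it is off, SCMP_FLTATR_CTL_TSYNC defaults to off and needs Linux Kernel 3.17 or greater), and nothing in the visible lines adds a replacement. Please say in the commit message where this documentation now lives, or keep the page. If the text is being moved rather than dropped, three things are worth fixing on the way. First, DESCRIPTION cites seccomp_filter_init(3) and seccomp_filter_reset(3) while the ctx paragraph and SEE ALSO use seccomp_init(3) and seccomp_reset(3), so the names should be made consistent. Second, in EXAMPLES the `goto out` taken when `ctx == NULL` reaches `seccomp_release(ctx)` with a NULL context, so that path should return directly or the release should be guarded. Third, "synchronize all of the thread" in the TSYNC entry should read "threads".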