-.TH "seccomp_syscall_priority" 3 "25 July 2012" "paul@paul-moore.com" "libseccomp Documentation"
-.\" //////////////////////////////////////////////////////////////////////////
-.SH NAME
-.\" //////////////////////////////////////////////////////////////////////////
-seccomp_syscall_priority \- Prioritize syscalls in the seccomp filter
-.\" //////////////////////////////////////////////////////////////////////////
-.SH SYNOPSIS
-.\" //////////////////////////////////////////////////////////////////////////
-.nf
-.B #include <seccomp.h>
-.sp
-.B typedef void * scmp_filter_ctx;
-.sp
-.BI "int SCMP_SYS(" syscall_name ");"
-.sp
-.BI "int seccomp_syscall_priority(scmp_filter_ctx " ctx ","
-.BI " int " syscall ", uint8_t " priority ");"
-.sp
-Link with \fI\-lseccomp\fP.
-.fi
-.\" //////////////////////////////////////////////////////////////////////////
-.SH DESCRIPTION
-.\" //////////////////////////////////////////////////////////////////////////
-.P
-The
-.BR seccomp_syscall_priority ()
-function provides a priority hint to the seccomp filter generator in libseccomp
-such that higher priority syscalls are placed earlier in the seccomp filter code
-so that they incur less overhead at the expense of lower priority syscalls. A
-syscall's priority can be set regardless of if any rules currently exist for
-that syscall; the library will remember the priority and it will be assigned to
-the syscall if and when a rule for that syscall is created.
-.P
-While it is possible to specify the
-.I syscall
-value directly using the standard
-.B __NR_syscall
-values, in order to ensure proper operation across multiple architectures it
-is highly recommended to use the
-.BR SCMP_SYS ()
-macro instead. See the EXAMPLES section below.
-.P
-The
-.I priority
-parameter takes an 8-bit value ranging from 0 \- 255; a higher value represents
-a higher priority.
-.P
-The filter context
-.I ctx
-is the value returned by the call to
-.BR seccomp_init ().
-.\" //////////////////////////////////////////////////////////////////////////
-.SH RETURN VALUE
-.\" //////////////////////////////////////////////////////////////////////////
-The
-.BR seccomp_syscall_priority ()
-function returns zero on success, negative errno values on failure. The
-.BR SCMP_SYS ()
-macro returns a value suitable for use as the
-.I syscall
-value in
-.BR seccomp_syscall_priority ().
-.\" //////////////////////////////////////////////////////////////////////////
-.SH EXAMPLES
-.\" //////////////////////////////////////////////////////////////////////////
-.nf
-#include <seccomp.h>
-
-int main(int argc, char *argv[])
-{
- int rc = \-1;
- scmp_filter_ctx ctx;
-
- ctx = seccomp_init(SCMP_ACT_KILL);
- if (ctx == NULL)
- goto out;
-
- /* ... */
-
- rc = seccomp_syscall_priority(ctx, SCMP_SYS(read), 200);
- if (rc < 0)
- goto out;
-
- /* ... */
-
-out:
- seccomp_release(ctx);
- return \-rc;
-}
-.fi
-.\" //////////////////////////////////////////////////////////////////////////
-.SH NOTES
-.\" //////////////////////////////////////////////////////////////////////////
-.P
-While the seccomp filter can be generated independent of the kernel, kernel
-support is required to load and enforce the seccomp filter generated by
-libseccomp.
-.P
-The libseccomp project site, with more information and the source code
-repository, can be found at https://github.com/seccomp/libseccomp. This tool,
-as well as the libseccomp library, is currently under development, please
-report any bugs at the project site or directly to the author.
-.\" //////////////////////////////////////////////////////////////////////////
-.SH AUTHOR
-.\" //////////////////////////////////////////////////////////////////////////
-Paul Moore <paul@paul-moore.com>
-.\" //////////////////////////////////////////////////////////////////////////
-.SH SEE ALSO
-.\" //////////////////////////////////////////////////////////////////////////
-.BR seccomp_rule_add (3),
-.BR seccomp_rule_add_exact (3)