X-Git-Url: http://git.ieval.ro/?a=blobdiff_plain;f=libseccomp%2Fdoc%2Fman%2Fman3%2Fseccomp_attr_set.3;fp=libseccomp%2Fdoc%2Fman%2Fman3%2Fseccomp_attr_set.3;h=0000000000000000000000000000000000000000;hb=a7f80a138de41255578bc28d034438a295ecbb2e;hp=806b223188366a29c9469856c95add7896e8f4d6;hpb=a8d04cb21e9ce2cfa37d893162df3e4943d9e480;p=linux-seccomp.git diff --git a/libseccomp/doc/man/man3/seccomp_attr_set.3 b/libseccomp/doc/man/man3/seccomp_attr_set.3 deleted file mode 100644 index 806b223..0000000 --- a/libseccomp/doc/man/man3/seccomp_attr_set.3 +++ /dev/null @@ -1,132 +0,0 @@ -.TH "seccomp_attr_set" 3 "21 August 2014" "paul@paul-moore.com" "libseccomp Documentation" -.\" ////////////////////////////////////////////////////////////////////////// -.SH NAME -.\" ////////////////////////////////////////////////////////////////////////// -seccomp_attr_set, seccomp_attr_get \- Manage the seccomp filter attributes -.\" ////////////////////////////////////////////////////////////////////////// -.SH SYNOPSIS -.\" ////////////////////////////////////////////////////////////////////////// -.nf -.B #include -.sp -.B typedef void * scmp_filter_ctx; -.B enum scmp_filter_attr; -.sp -.BI "int seccomp_attr_set(scmp_filter_ctx " ctx "," -.BI " enum scmp_filter_attr " attr ", uint32_t " value ");" -.BI "int seccomp_attr_get(scmp_filter_ctx " ctx "," -.BI " enum scmp_filter_attr " attr ", uint32_t *" value ");" -.sp -Link with \fI\-lseccomp\fP. -.fi -.\" ////////////////////////////////////////////////////////////////////////// -.SH DESCRIPTION -.\" ////////////////////////////////////////////////////////////////////////// -.P -The -.BR seccomp_attr_set () -function sets the different seccomp filter attributes while the -.BR seccomp_attr_get () -function fetches the filter attributes. The seccomp filter attributes are -tunable values that affect how the library behaves when generating and loading -the seccomp filter into the kernel. The attributes are reset to their default -values whenever the filter is initialized or reset via -.BR seccomp_filter_init (3) -or -.BR seccomp_filter_reset (3). -.P -The filter context -.I ctx -is the value returned by the call to -.BR seccomp_init (3). -.P -Valid -.I attr -values are as follows: -.TP -.B SCMP_FLTATR_ACT_DEFAULT -The default filter action as specified in the call to -.BR seccomp_filter_init (3) -or -.BR seccomp_filter_reset (3). -This attribute is read-only. -.TP -.B SCMP_FLTATR_ACT_BADARCH -The filter action taken when the loaded filter does not match the architecture -of the executing application. Defaults to the -.B SCMP_ACT_KILL -action. -.TP -.B SCMP_FLTATR_CTL_NNP -A flag to specify if the NO_NEW_PRIVS functionality should be enabled before -loading the seccomp filter into the kernel. If set to off ( -.I value -== 0) then loading the seccomp filter into the kernel will fail if CAP_SYS_ADMIN -is not set. Defaults to on ( -.I value -== 1). -.TP -.B SCMP_FLTATR_CTL_TSYNC -A flag to specify if the kernel should attempt to synchronize the filters -across all threads on -.BR seccomp_load (3). -If the kernel is unable to synchronize all of the thread then the load -operation will fail. This flag is only available on Linux Kernel 3.17 or -greater; attempting to enable this flag on earlier kernels will result in an -error being returned. Defaults to off ( -.I value -== 0). -.\" ////////////////////////////////////////////////////////////////////////// -.SH RETURN VALUE -.\" ////////////////////////////////////////////////////////////////////////// -Returns zero on success, negative errno values on failure. -.\" ////////////////////////////////////////////////////////////////////////// -.SH EXAMPLES -.\" ////////////////////////////////////////////////////////////////////////// -.nf -#include - -int main(int argc, char *argv[]) -{ - int rc = \-1; - scmp_filter_ctx ctx; - - ctx = seccomp_init(SCMP_ACT_ALLOW); - if (ctx == NULL) - goto out; - - /* ... */ - - rc = seccomp_attr_set(ctx, SCMP_FLTATR_ACT_BADARCH, SCMP_ACT_TRAP); - if (rc < 0) - goto out; - - /* ... */ - -out: - seccomp_release(ctx); - return \-rc; -} -.fi -.\" ////////////////////////////////////////////////////////////////////////// -.SH NOTES -.\" ////////////////////////////////////////////////////////////////////////// -.P -While the seccomp filter can be generated independent of the kernel, kernel -support is required to load and enforce the seccomp filter generated by -libseccomp. -.P -The libseccomp project site, with more information and the source code -repository, can be found at https://github.com/seccomp/libseccomp. This tool, -as well as the libseccomp library, is currently under development, please -report any bugs at the project site or directly to the author. -.\" ////////////////////////////////////////////////////////////////////////// -.SH AUTHOR -.\" ////////////////////////////////////////////////////////////////////////// -Paul Moore -.\" ////////////////////////////////////////////////////////////////////////// -.SH SEE ALSO -.\" ////////////////////////////////////////////////////////////////////////// -.BR seccomp_init (3), -.BR seccomp_reset (3), -.BR seccomp_load (3)