libseccomp/doc/man/man3/seccomp_syscall_priority.3

   1 .TH "seccomp_syscall_priority" 3 "25 July 2012" "paul@paul-moore.com" "libseccomp Documentation"
   2 .\" //////////////////////////////////////////////////////////////////////////
   3 .SH NAME
   4 .\" //////////////////////////////////////////////////////////////////////////
   5 seccomp_syscall_priority \- Prioritize syscalls in the seccomp filter
   6 .\" //////////////////////////////////////////////////////////////////////////
   7 .SH SYNOPSIS
   8 .\" //////////////////////////////////////////////////////////////////////////
   9 .nf
  10 .B #include <seccomp.h>
  11 .sp
  12 .B typedef void * scmp_filter_ctx;
  13 .sp
  14 .BI "int SCMP_SYS(" syscall_name ");"
  15 .sp
  16 .BI "int seccomp_syscall_priority(scmp_filter_ctx " ctx ","
  17 .BI "                             int " syscall ", uint8_t " priority ");"
  18 .sp
  19 Link with \fI\-lseccomp\fP.
  20 .fi
  21 .\" //////////////////////////////////////////////////////////////////////////
  22 .SH DESCRIPTION
  23 .\" //////////////////////////////////////////////////////////////////////////
  24 .P
  25 The
  26 .BR seccomp_syscall_priority ()
  27 function provides a priority hint to the seccomp filter generator in libseccomp
  28 such that higher priority syscalls are placed earlier in the seccomp filter code
  29 so that they incur less overhead at the expense of lower priority syscalls.  A
  30 syscall's priority can be set regardless of if any rules currently exist for
  31 that syscall; the library will remember the priority and it will be assigned to
  32 the syscall if and when a rule for that syscall is created.
  33 .P
  34 While it is possible to specify the
  35 .I syscall
  36 value directly using the standard
  37 .B __NR_syscall
  38 values, in order to ensure proper operation across multiple architectures it
  39 is highly recommended to use the
  40 .BR SCMP_SYS ()
  41 macro instead.  See the EXAMPLES section below.
  42 .P
  43 The
  44 .I priority
  45 parameter takes an 8-bit value ranging from 0 \- 255; a higher value represents
  46 a higher priority.
  47 .P
  48 The filter context
  49 .I ctx
  50 is the value returned by the call to
  51 .BR seccomp_init ().
  52 .\" //////////////////////////////////////////////////////////////////////////
  53 .SH RETURN VALUE
  54 .\" //////////////////////////////////////////////////////////////////////////
  55 The
  56 .BR seccomp_syscall_priority ()
  57 function returns zero on success, negative errno values on failure.  The
  58 .BR SCMP_SYS ()
  59 macro returns a value suitable for use as the
  60 .I syscall
  61 value in
  62 .BR seccomp_syscall_priority ().
  63 .\" //////////////////////////////////////////////////////////////////////////
  64 .SH EXAMPLES
  65 .\" //////////////////////////////////////////////////////////////////////////
  66 .nf
  67 #include <seccomp.h>
  68
  69 int main(int argc, char *argv[])
  70 {
  71         int rc = \-1;
  72         scmp_filter_ctx ctx;
  73
  74         ctx = seccomp_init(SCMP_ACT_KILL);
  75         if (ctx == NULL)
  76                 goto out;
  77
  78         /* ... */
  79
  80         rc = seccomp_syscall_priority(ctx, SCMP_SYS(read), 200);
  81         if (rc < 0)
  82                 goto out;
  83
  84         /* ... */
  85
  86 out:
  87         seccomp_release(ctx);
  88         return \-rc;
  89 }
  90 .fi
  91 .\" //////////////////////////////////////////////////////////////////////////
  92 .SH NOTES
  93 .\" //////////////////////////////////////////////////////////////////////////
  94 .P
  95 While the seccomp filter can be generated independent of the kernel, kernel
  96 support is required to load and enforce the seccomp filter generated by
  97 libseccomp.
  98 .P
  99 The libseccomp project site, with more information and the source code
 100 repository, can be found at https://github.com/seccomp/libseccomp.  This tool,
 101 as well as the libseccomp library, is currently under development, please
 102 report any bugs at the project site or directly to the author.
 103 .\" //////////////////////////////////////////////////////////////////////////
 104 .SH AUTHOR
 105 .\" //////////////////////////////////////////////////////////////////////////
 106 Paul Moore <paul@paul-moore.com>
 107 .\" //////////////////////////////////////////////////////////////////////////
 108 .SH SEE ALSO
 109 .\" //////////////////////////////////////////////////////////////////////////
 110 .BR seccomp_rule_add (3),
 111 .BR seccomp_rule_add_exact (3)