Hi Kees,
Ping!
Cheers,
Michael
On 6 April 2015 at 17:29, Michael Kerrisk (man-pages)
<[email protected]> wrote:
> Hi Kees,
>
> I recently was asked about the point below, and had to go check the code
> to be sure, since the man page said nothing. It would be good to have
> a confirmation: the seccomp_data buffer supplied to a seccomp BPF program
> is read-only, right? (That is, one can't write to the buffer in order to
> change the arguments that a system call actually receives.)
>
> A small man page patch below.
>
> Cheers,
>
> Michael
>
> --- a/man2/seccomp.2
> +++ b/man2/seccomp.2
> @@ -232,15 +232,15 @@ struct sock_filter { /* Filter block */
> };
> .fi
> .in
>
> When executing the instructions, the BPF program operates on the
> system call information made available (i.e., use the
> .BR BPF_ABS
> -addressing mode) as a buffer of the following form:
> +addressing mode) as a (read-only) buffer of the following form:
>
> .in +4n
> .nf
> struct seccomp_data {
> int nr; /* System call number */
> __u32 arch; /* AUDIT_ARCH_* value
> (see <linux/audit.h>) */
>
>
> --
> Michael Kerrisk
> Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
> Linux/UNIX System Programming Training: http://man7.org/training/
--
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/