Date: Fri, 1 Mar 2019 08:19:37 -0700
From: Tycho Andersen
To: "Michael Kerrisk (man-pages)"
Cc: "Serge E. Hallyn", linux-man@vger.kernel.org, Kees Cook, Linux API,
    lkml, Andy Lutomirski, Jann Horn, Oleg Nesterov, Christian Brauner,
    "Eric W. Biederman", Containers, Aleksa Sarai, Tyler Hicks, Akihiro Suda
Subject: Re: [PATCH 2/2] seccomp.2: document userspace notification

On Fri, Mar 01, 2019 at 04:16:27PM +0100, Michael Kerrisk (man-pages) wrote:
> Hello Tycho,
>
> On 3/1/19 3:53 PM, Tycho Andersen wrote:
> > On Thu, Feb 28, 2019 at 01:52:19PM +0100, Michael Kerrisk (man-pages) wrote:
> >>> +a notification will be sent to this fd. See "Userspace Notification" below for
> >>
> >> s/fd/file descriptor/ throughout please.
> >
> > Will do.
> >
> >>> +more details.
> >>
> >> I think the description here could be better worded as something like:
> >>
> >>     SECCOMP_FILTER_FLAG_NEW_LISTENER
> >>         Register a new filter, as usual, but on success return a
> >>         new file descriptor that provides user-space notifications.
> >>         When the filter returns SECCOMP_RET_USER_NOTIF, a notification
> >>         will be provided via this file descriptor. The close-on-exec
> >>         flag is automatically set on the new file descriptor. ...
> >>
> >>> .RE
> >>> .TP
> >>> .BR SECCOMP_GET_ACTION_AVAIL " (since Linux 4.14)"
> >>> @@ -606,6 +613,17 @@ file.
> >>> .TP
> >>> .BR SECCOMP_RET_ALLOW
> >>> This value results in the system call being executed.
> >>> +.TP
> >>> +.BR SECCOMP_RET_USER_NOTIF " (since Linux 4.21)"
> >>
> >> Please see the start of this hanging list in the manual page.
> >> Can you confirm that SECCOMP_RET_USER_NOTIF really is the lowest
> >> in the precedence order of all of the filter return values?
> >
> > Oh, no, I didn't realize it was in a particular order. I'll switch it.
>
> Just for my immediate education (I'm experimenting right now),
> where/how does it fit in the precedence order?

In between RET_ERRNO and RET_TRACE; see include/uapi/linux/seccomp.h
for details.

Tycho
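
Review bot: The "(since Linux 4.21)" annotation on the added SECCOMP_RET_USER_NOTIF entry in the @@ -606,6 +613,17 @@ hunk names a kernel version that was never released; the release following 4.20 was numbered 5.0, so the tag should read "(since Linux 5.0)". The entry is also added directly after SECCOMP_RET_ALLOW, which puts it at the lowest-precedence end of a list that is ordered by precedence; as noted in the thread, it belongs between the SECCOMP_RET_ERRNO and SECCOMP_RET_TRACE entries.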
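
The ordering given in the reply above follows from the numeric action values in include/uapi/linux/seccomp.h: when several filters are installed, the result whose action bits are lowest as a signed 32-bit value is the one applied. The following is an added example, not part of the original message or of the kernel source; effective_ret and precedence_rank are hypothetical helper names that model that comparison in userspace.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Action values from include/uapi/linux/seccomp.h, repeated here so the
 * example builds without kernel headers that know SECCOMP_RET_USER_NOTIF. */
#define SECCOMP_RET_KILL_PROCESS 0x80000000U
#define SECCOMP_RET_KILL_THREAD  0x00000000U
#define SECCOMP_RET_TRAP         0x00030000U
#define SECCOMP_RET_ERRNO        0x00050000U
#define SECCOMP_RET_USER_NOTIF   0x7fc00000U
#define SECCOMP_RET_TRACE        0x7ff00000U
#define SECCOMP_RET_LOG          0x7ffc0000U
#define SECCOMP_RET_ALLOW        0x7fff0000U
#define SECCOMP_RET_ACTION_FULL  0xffff0000U

/* Action bits read as a signed 32-bit value: lower value = higher precedence. */
static int32_t action_only(uint32_t ret)
{
    return (int32_t)(ret & SECCOMP_RET_ACTION_FULL);
}

/* Userspace model (hypothetical helper): combine the results of all
 * installed filters; the action with the lowest signed value wins. */
uint32_t effective_ret(const uint32_t *rets, size_t n)
{
    uint32_t best = SECCOMP_RET_ALLOW;
    for (size_t i = 0; i < n; i++)
        if (action_only(rets[i]) < action_only(best))
            best = rets[i];
    return best;
}

/* Hypothetical helper: number of actions that take precedence over
 * `action` (0 = highest precedence, 7 = lowest). */
int precedence_rank(uint32_t action)
{
    static const uint32_t all[] = {
        SECCOMP_RET_KILL_PROCESS, SECCOMP_RET_KILL_THREAD, SECCOMP_RET_TRAP,
        SECCOMP_RET_ERRNO, SECCOMP_RET_USER_NOTIF, SECCOMP_RET_TRACE,
        SECCOMP_RET_LOG, SECCOMP_RET_ALLOW };
    int rank = 0;
    for (size_t i = 0; i < sizeof all / sizeof all[0]; i++)
        if (action_only(all[i]) < action_only(action))
            rank++;
    return rank;
}

int main(void)
{
    /* Constructed sample: results of three stacked filters for one syscall. */
    uint32_t rets[] = { SECCOMP_RET_TRACE, SECCOMP_RET_USER_NOTIF, SECCOMP_RET_LOG };
    printf("effective: 0x%08x, rank of USER_NOTIF: %d\n",
           (unsigned)effective_ret(rets, 3), precedence_rank(SECCOMP_RET_USER_NOTIF));
    return 0;
}
```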