From: "Michael Kerrisk (man-pages)"
Date: Sat, 18 Nov 2017 23:28:31 +0100
Subject: Re: seccomp() SECCOMP_RET_KILL_PROCESS text for man page
To: Kees Cook
Cc: Tyler Hicks, linux-man, lkml
X-Mailing-List: linux-kernel@vger.kernel.org

Hi Kees!

On 18 November 2017 at 21:52, Kees Cook wrote:
> On Sat, Nov 18, 2017 at 12:04 PM, Michael Kerrisk (man-pages) wrote:
>> Hi Kees,
>>
>> I came up with the following text (patch below) to describe the
>> SECCOMP_RET_KILL_PROCESS action that you added in 4.14. Does it
>> look okay?
>>
>>        SECCOMP_RET_KILL_PROCESS (since Linux 4.14)
>>               This value results in immediate termination of the process,
>>               with a core dump. The system call is not executed. By
>>               contrast with SECCOMP_RET_KILL_THREAD below, all threads in
>>               the thread group are terminated. (For a discussion of
>>               thread groups, see the description of the CLONE_THREAD flag
>>               in clone(2).)
>>
>>               The process terminates as though killed by a SIGSYS signal.
>>               Even if a signal handler has been registered for SIGSYS,
>>               the handler will be ignored in this case and the process
>>               always terminates. To a parent process that is waiting on
>>               this process (using waitpid(2) or similar), the returned
>>               wstatus will indicate that its child was terminated as
>>               though by a SIGSYS signal.
>>
>> Cheers,
>>
>> Michael
>>
>>
>> diff --git a/man2/seccomp.2 b/man2/seccomp.2
>> index 2e912940e..1b6bb2e51 100644
>> --- a/man2/seccomp.2
>> +++ b/man2/seccomp.2
>> @@ -399,6 +399,36 @@ returned by execution of all of the filters.
>> In decreasing order of precedence,
>> the values that may be returned by a seccomp filter are:
>> .TP
>> +.BR SECCOMP_RET_KILL_PROCESS " (since Linux 4.14)"
>> +.\" commit 4d3b0b05aae9ee9ce0970dc4cc0fb3fad5e85945
>> +.\" commit 0466bdb99e8744bc9befa8d62a317f0fd7fd7421
>> +This value results in immediate termination of the process,
>> +with a core dump.
>> +The system call is not executed.
>> +By contrast with
>> +.BR SECCOMP_RET_KILL_THREAD
>> +below, all threads in the thread group are terminated.
>> +(For a discussion of thread groups, see the description of the
>> +.BR CLONE_THREAD
>> +flag in
>> +.BR clone (2).)
>> +.IP
>> +The process terminates
>> +.I "as though"
>> +killed by a
>> +.B SIGSYS
>> +signal.
>> +Even if a signal handler has been registered for
>> +.BR SIGSYS ,
>> +the handler will be ignored in this case and the process always terminates.
>> +To a parent process that is waiting on this process (using
>> +.BR waitpid (2)
>> +or similar), the returned
>> +.I wstatus
>> +will indicate that its child was terminated as though by a
>> +.BR SIGSYS
>> +signal.
>> +.TP
>> .BR SECCOMP_RET_KILL_THREAD " (or " SECCOMP_RET_KILL )
>> This value results in immediate termination of the thread
>> that made the system call.
>
> This is perfect, thank you!

Good. Thanks for checking it.

> One thing to adjust elsewhere would be to rename SECCOMP_RET_ACTION to
> SECCOMP_RET_ACTION_FULL (the new mask covers the bits used by
> SECCOMP_RET_KILL_PROCESS).

Thanks. I missed that detail. I've made that change in the manual page.

Cheers,

Michael

--
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/
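Review bot: "with a core dump" in the first added paragraph reads as unconditional, but whether a dump is actually written still depends on the process's RLIMIT_CORE and the system's core-dump configuration, the same as for any other SIGSYS default action; consider qualifying it ("with a core dump, if core dumps are enabled") or pointing at core(5). In the .IP paragraph, the wstatus sentence would be more useful if it named the macros a parent would test, i.e. that WIFSIGNALED(wstatus) is true and WTERMSIG(wstatus) equals SIGSYS, since "terminated as though by a SIGSYS signal" leaves the reader to infer that.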
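The behaviour the quoted text describes, shown by an added example (not code from the man-pages patch or from the kernel): a forked child registers a SIGSYS handler, installs a filter that returns the chosen action for getppid(2), starts a sibling thread, and then calls getppid(); under SECCOMP_RET_KILL_PROCESS the parent sees termination by SIGSYS with the handler never run, while under SECCOMP_RET_KILL_THREAD only the calling thread dies and the sibling's later _exit(7) becomes the exit status. It assumes Linux 4.14 or later with CONFIG_SECCOMP_FILTER (older headers get the constants defined inline), a build with -pthread, and it omits the architecture check a real filter must perform.

```c
#define _GNU_SOURCE
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <pthread.h>
#include <signal.h>
#include <stddef.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#ifndef SECCOMP_RET_KILL_PROCESS            /* pre-4.14 headers */
#define SECCOMP_RET_KILL_PROCESS 0x80000000U
#define SECCOMP_RET_KILL_THREAD  SECCOMP_RET_KILL
#endif

/* Would turn the kill into exit(42); per the text above it is ignored. */
static void sigsys_handler(int sig) { (void)sig; _exit(42); }
/* Sibling thread: outlives the leader only under SECCOMP_RET_KILL_THREAD. */
static void *sibling(void *arg) { (void)arg; usleep(200000); _exit(7); }

/* Return `action` for getppid(2), allow everything else. (Architecture check
 * omitted for brevity; real filters must verify seccomp_data.arch.) */
static int install_filter(unsigned int action) {
    struct sock_filter code[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_getppid, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, action),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = sizeof code / sizeof code[0], .filter = code };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return (int)syscall(SYS_seccomp, SECCOMP_SET_MODE_FILTER, 0, &prog);
}

/* Fork a child whose main thread trips the filter; return the wait status the
 * parent observes (-1 on fork/wait failure, exit 99 if the filter failed). */
int run_kill_demo(unsigned int action) {
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        pthread_t t;
        signal(SIGSYS, sigsys_handler);
        if (install_filter(action) != 0) _exit(99);
        pthread_create(&t, NULL, sibling, NULL);
        getppid();          /* the filter returns `action` here */
        _exit(98);          /* not reached for either KILL_* action */
    }
    return waitpid(pid, &status, 0) == pid ? status : -1;
}
```

A parent that wants to distinguish the two cases checks WIFSIGNALED() and WTERMSIG() first, as the man page text suggests, before looking at WEXITSTATUS().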