Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756276Ab2JVVns (ORCPT ); Mon, 22 Oct 2012 17:43:48 -0400 Received: from mail-ie0-f174.google.com ([209.85.223.174]:55606 "EHLO mail-ie0-f174.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755814Ab2JVVnq (ORCPT ); Mon, 22 Oct 2012 17:43:46 -0400 MIME-Version: 1.0 Reply-To: mtk.manpages@gmail.com In-Reply-To: References: <20120920233700.GA3363@www.outflux.net> From: "Michael Kerrisk (man-pages)" Date: Mon, 22 Oct 2012 23:43:25 +0200 Message-ID: Subject: Re: [RESEND][PATCH] prctl: update seccomp sections for mode 2 (BPF) To: Kees Cook Cc: linux-man@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, wad@chromium.org Content-Type: text/plain; charset=ISO-8859-1 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 788 Lines: 23 >> If the CONFIG_SECCOMP_FILTER permits fork(), is the seccomp setting >> inherited across fork()? Similar question for execve(). > > Yes for both. Additionally, the filters are cumulative. (If the > filters allows prctl, additional filters can be appended; they are run > in order until the first non-allow result is seen.) Thanks. I'll add some words to the man page. Cheers, Michael -- Michael Kerrisk Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/ Author of "The Linux Programming Interface"; http://man7.org/tlpi/ -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/