From: Vitaly _Vi Shukela <[email protected]>
---
doc/man/man3/seccomp_rule_add.3 | 28 ++++++++++++++++++++++++++--
doc/man/man3/seccomp_rule_add_array.3 | 1 +
doc/man/man3/seccomp_rule_add_array_exact.3 | 1 +
doc/man/man3/seccomp_rule_add_valist.3 | 1 +
doc/man/man3/seccomp_rule_add_valist_exact.3 | 1 +
5 files changed, 30 insertions(+), 2 deletions(-)
create mode 100644 doc/man/man3/seccomp_rule_add_array.3
create mode 100644 doc/man/man3/seccomp_rule_add_array_exact.3
create mode 100644 doc/man/man3/seccomp_rule_add_valist.3
create mode 100644 doc/man/man3/seccomp_rule_add_valist_exact.3
diff --git a/doc/man/man3/seccomp_rule_add.3 b/doc/man/man3/seccomp_rule_add.3
index eeb61dc..17408b8 100644
--- a/doc/man/man3/seccomp_rule_add.3
+++ b/doc/man/man3/seccomp_rule_add.3
@@ -27,6 +27,19 @@ seccomp_rule_add, seccomp_rule_add_exact \- Add a seccomp
filter rule
.BI "int seccomp_rule_add_exact(scmp_filter_ctx " ctx ", uint32_t " action ","
.BI " int " syscall ", unsigned int " arg_cnt ", "
... ");"
.sp
+.BI "int seccomp_rule_add_valist(scmp_filter_ctx " ctx ", "
+.BI " uint32_t " action ", int " syscall ", unsigned int " arg_cnt
", "
+.BI " va_list " arg_list ");"
+.BI "int seccomp_rule_add_valist_exact(scmp_filter_ctx " ctx ", uint32_t "
action ","
+.BI " int " syscall ", unsigned int " arg_cnt ","
+.BI " va_list " arg_list ");"
+.BI "int seccomp_rule_add_array(scmp_filter_ctx " ctx ","
+.BI " uint32_t " action ", int " syscall ", unsigned int " arg_cnt
", "
+.BI " const struct scmp_arg_cmp *" arg_array ");"
+.BI "int seccomp_rule_add_array_exact(scmp_filter_ctx " ctx ","
+.BI " uint32_t " action ", int " syscall ", unsigned int " arg_cnt
","
+.BI " const struct scmp_arg_cmp *" arg_array ");"
+.sp
Link with \fI\-lseccomp\fP.
.fi
.\" //////////////////////////////////////////////////////////////////////////
@@ -49,6 +62,16 @@ filter ruleset,
.BR seccomp_rule_add ()
does guarantee the same behavior regardless of the architecture.
.P
+There are also variants of adding functions that take va_list
+or array of structs:
+.BR seccomp_rule_add_valist ()
+,
+.BR seccomp_rule_add_valist_exact ()
+,
+.BR seccomp_rule_add_array ()
+and
+.BR seccomp_rule_add_array_exact ()
+.P
The newly added filter rule does not take effect until the entire filter is
loaded into the kernel using
.BR seccomp_load (3).
@@ -235,8 +258,9 @@ int main(int argc, char *argv[])
if (rc < 0)
goto out;
- rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(write), 1,
- SCMP_CMP(0, SCMP_CMP_EQ, fd));
+ struct scmp_arg_cmp comparations[1] = { SCMP_CMP(0, SCMP_CMP_EQ, fd) };
+ rc = seccomp_rule_add_array(ctx, SCMP_ACT_ALLOW, SCMP_SYS(write), 1,
+ comparations);
if (rc < 0)
goto out;
diff --git a/doc/man/man3/seccomp_rule_add_array.3
b/doc/man/man3/seccomp_rule_add_array.3
new file mode 100644
index 0000000..53714e7
--- /dev/null
+++ b/doc/man/man3/seccomp_rule_add_array.3
@@ -0,0 +1 @@
+.so man3/seccomp_rule_add.3
diff --git a/doc/man/man3/seccomp_rule_add_array_exact.3
b/doc/man/man3/seccomp_rule_add_array_exact.3
new file mode 100644
index 0000000..53714e7
--- /dev/null
+++ b/doc/man/man3/seccomp_rule_add_array_exact.3
@@ -0,0 +1 @@
+.so man3/seccomp_rule_add.3
diff --git a/doc/man/man3/seccomp_rule_add_valist.3
b/doc/man/man3/seccomp_rule_add_valist.3
new file mode 100644
index 0000000..53714e7
--- /dev/null
+++ b/doc/man/man3/seccomp_rule_add_valist.3
@@ -0,0 +1 @@
+.so man3/seccomp_rule_add.3
diff --git a/doc/man/man3/seccomp_rule_add_valist_exact.3
b/doc/man/man3/seccomp_rule_add_valist_exact.3
new file mode 100644
index 0000000..53714e7
--- /dev/null
+++ b/doc/man/man3/seccomp_rule_add_valist_exact.3
@@ -0,0 +1 @@
+.so man3/seccomp_rule_add.3
--
1.7.11.6.1.gada05e2
------------------------------------------------------------------------------
Free Next-Gen Firewall Hardware Offer
Buy your Sophos next-gen firewall before the end March 2013
and get the hardware for free! Learn more.
http://p.sf.net/sfu/sophos-d2d-feb
_______________________________________________
libseccomp-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/libseccomp-discuss
