seccomp: Remove 2-phase API documentation
Fixes: 8112c4f140
("seccomp: remove 2-phase API")
Signed-off-by: Mickaël Salaün <mic@digikod.net>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: James Morris <jmorris@namei.org>
Signed-off-by: James Morris <james.l.morris@oracle.com>
This commit is contained in:
parent
4b056a4bee
commit
8ccc7d6bad
11
arch/Kconfig
11
arch/Kconfig
@ -336,17 +336,6 @@ config HAVE_ARCH_SECCOMP_FILTER
|
|||||||
results in the system call being skipped immediately.
|
results in the system call being skipped immediately.
|
||||||
- seccomp syscall wired up
|
- seccomp syscall wired up
|
||||||
|
|
||||||
For best performance, an arch should use seccomp_phase1 and
|
|
||||||
seccomp_phase2 directly. It should call seccomp_phase1 for all
|
|
||||||
syscalls if TIF_SECCOMP is set, but seccomp_phase1 does not
|
|
||||||
need to be called from a ptrace-safe context. It must then
|
|
||||||
call seccomp_phase2 if seccomp_phase1 returns anything other
|
|
||||||
than SECCOMP_PHASE1_OK or SECCOMP_PHASE1_SKIP.
|
|
||||||
|
|
||||||
As an additional optimization, an arch may provide seccomp_data
|
|
||||||
directly to seccomp_phase1; this avoids multiple calls
|
|
||||||
to the syscall_xyz helpers for every syscall.
|
|
||||||
|
|
||||||
config SECCOMP_FILTER
|
config SECCOMP_FILTER
|
||||||
def_bool y
|
def_bool y
|
||||||
depends on HAVE_ARCH_SECCOMP_FILTER && SECCOMP && NET
|
depends on HAVE_ARCH_SECCOMP_FILTER && SECCOMP && NET
|
||||||
|
Loading…
Reference in New Issue
Block a user