On Wed, Sep 30, 2020 at 4:07 AM Michael Kerrisk (man-pages) <mtk.manpa...@gmail.com> wrote:
>
> Hi Tycho, Sargun (and all),
>
> I knew it would be a big ask, but below is kind of the manual page
> I was hoping you might write [1] for the seccomp user-space notification
> mechanism. Since you didn't (and because 5.9 adds various new pieces
> such as SECCOMP_ADDFD_FLAG_SETFD and SECCOMP_IOCTL_NOTIF_ADDFD
> that also will need documenting [2]), I did :-). But of course I may
> have made mistakes...
>
> I've shown the rendered version of the page below, and would love
> to receive review comments from you and others, and acks, etc.
>
> There are a few FIXMEs sprinkled into the page, including one
> that relates to what appears to me to be a misdesign (possibly
> fixable) in the operation of the SECCOMP_IOCTL_NOTIF_RECV
> operation. I would be especially interested in feedback on that
> FIXME, and also of course the other FIXMEs.
>
> The page includes an extensive (albeit slightly contrived)
> example program, and I would be happy also to receive comments
> on that program.
>
> The page source currently sits in a branch (along with the text
> that you sent me for the seccomp(2) page) at
> https://git.kernel.org/pub/scm/docs/man-pages/man-pages.git/log/?h=seccomp_user_notif
>
> Thanks,
>
> Michael
>
> [1]
> https://lore.kernel.org/linux-man/2cea5fec-e73e-5749-18af-15c35a4bd...@gmail.com/#t
> [2] Sargun, can you prepare something on SECCOMP_ADDFD_FLAG_SETFD
> and SECCOMP_IOCTL_NOTIF_ADDFD to be added to this page?
>
> ====
>
> --
> Michael Kerrisk
> Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
> Linux/UNIX System Programming Training: http://man7.org/training/

Should we consider the SECCOMP_GET_NOTIF_SIZES dance to be "deprecated" at this point, given that the extensible ioctl mechanism works? If we add new fields to the seccomp data structures, we would move them from fixed-size ioctls to variable-sized ioctls that encode the data structure size / length?

This is mostly a question for Kees and Tycho.