msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2015-01-09 07:00+0900\n"
+"POT-Creation-Date: 2015-02-04 23:33+0900\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
msgstr ""
#. type: TH
-#: build/C/man2/acct.2:31 build/C/man5/acct.5:25 build/C/man7/capabilities.7:48 build/C/man2/capget.2:15 build/C/man7/cpuset.7:25 build/C/man7/credentials.7:27 build/C/man2/getgid.2:25 build/C/man2/getgroups.2:31 build/C/man2/getpid.2:25 build/C/man2/getpriority.2:45 build/C/man2/getresuid.2:28 build/C/man2/getrlimit.2:64 build/C/man2/getrusage.2:39 build/C/man2/getsid.2:26 build/C/man2/getuid.2:26 build/C/man2/iopl.2:33 build/C/man2/ioprio_set.2:24 build/C/man2/ipc.2:25 build/C/man7/namespaces.7:27 build/C/man7/pid_namespaces.7:27 build/C/man2/seteuid.2:29 build/C/man2/setfsgid.2:31 build/C/man2/setfsuid.2:31 build/C/man2/setgid.2:29 build/C/man2/setpgid.2:48 build/C/man2/setresuid.2:26 build/C/man2/setreuid.2:45 build/C/man2/setsid.2:31 build/C/man2/setuid.2:30 build/C/man7/svipc.7:40 build/C/man3/ulimit.3:27 build/C/man7/user_namespaces.7:27
+#: build/C/man2/acct.2:31 build/C/man5/acct.5:25 build/C/man7/capabilities.7:48 build/C/man2/capget.2:15 build/C/man7/cpuset.7:25 build/C/man7/credentials.7:27 build/C/man2/getgid.2:25 build/C/man2/getgroups.2:31 build/C/man2/getpid.2:25 build/C/man2/getpriority.2:45 build/C/man2/getresuid.2:28 build/C/man2/getrlimit.2:64 build/C/man2/getrusage.2:39 build/C/man2/getsid.2:26 build/C/man2/getuid.2:26 build/C/man2/iopl.2:33 build/C/man2/ioprio_set.2:24 build/C/man2/ipc.2:25 build/C/man7/namespaces.7:27 build/C/man7/pid_namespaces.7:27 build/C/man2/seteuid.2:29 build/C/man2/setfsgid.2:31 build/C/man2/setfsuid.2:31 build/C/man2/setgid.2:29 build/C/man2/setpgid.2:48 build/C/man2/setresuid.2:26 build/C/man2/setreuid.2:45 build/C/man2/setsid.2:31 build/C/man2/setuid.2:30 build/C/man7/svipc.7:40 build/C/man3/ulimit.3:27 build/C/man7/user_namespaces.7:27 build/C/man2/seccomp.2:27
#, no-wrap
msgid "Linux"
msgstr ""
#. type: TH
-#: build/C/man2/acct.2:31 build/C/man5/acct.5:25 build/C/man7/capabilities.7:48 build/C/man2/capget.2:15 build/C/man7/cpuset.7:25 build/C/man7/credentials.7:27 build/C/man2/getgid.2:25 build/C/man2/getgroups.2:31 build/C/man2/getpid.2:25 build/C/man2/getpriority.2:45 build/C/man2/getresuid.2:28 build/C/man2/getrlimit.2:64 build/C/man2/getrusage.2:39 build/C/man2/getsid.2:26 build/C/man2/getuid.2:26 build/C/man3/group_member.3:25 build/C/man2/iopl.2:33 build/C/man2/ioprio_set.2:24 build/C/man2/ipc.2:25 build/C/man7/namespaces.7:27 build/C/man7/pid_namespaces.7:27 build/C/man2/seteuid.2:29 build/C/man2/setfsgid.2:31 build/C/man2/setfsuid.2:31 build/C/man2/setgid.2:29 build/C/man2/setpgid.2:48 build/C/man2/setresuid.2:26 build/C/man2/setreuid.2:45 build/C/man2/setsid.2:31 build/C/man2/setuid.2:30 build/C/man7/svipc.7:40 build/C/man3/ulimit.3:27 build/C/man7/user_namespaces.7:27
+#: build/C/man2/acct.2:31 build/C/man5/acct.5:25 build/C/man7/capabilities.7:48 build/C/man2/capget.2:15 build/C/man7/cpuset.7:25 build/C/man7/credentials.7:27 build/C/man2/getgid.2:25 build/C/man2/getgroups.2:31 build/C/man2/getpid.2:25 build/C/man2/getpriority.2:45 build/C/man2/getresuid.2:28 build/C/man2/getrlimit.2:64 build/C/man2/getrusage.2:39 build/C/man2/getsid.2:26 build/C/man2/getuid.2:26 build/C/man3/group_member.3:25 build/C/man2/iopl.2:33 build/C/man2/ioprio_set.2:24 build/C/man2/ipc.2:25 build/C/man7/namespaces.7:27 build/C/man7/pid_namespaces.7:27 build/C/man2/seteuid.2:29 build/C/man2/setfsgid.2:31 build/C/man2/setfsuid.2:31 build/C/man2/setgid.2:29 build/C/man2/setpgid.2:48 build/C/man2/setresuid.2:26 build/C/man2/setreuid.2:45 build/C/man2/setsid.2:31 build/C/man2/setuid.2:30 build/C/man7/svipc.7:40 build/C/man3/ulimit.3:27 build/C/man7/user_namespaces.7:27 build/C/man2/seccomp.2:27
#, no-wrap
msgid "Linux Programmer's Manual"
msgstr ""
#. type: SH
-#: build/C/man2/acct.2:32 build/C/man5/acct.5:26 build/C/man7/capabilities.7:49 build/C/man2/capget.2:16 build/C/man7/cpuset.7:26 build/C/man7/credentials.7:28 build/C/man2/getgid.2:26 build/C/man2/getgroups.2:32 build/C/man2/getpid.2:26 build/C/man2/getpriority.2:46 build/C/man2/getresuid.2:29 build/C/man2/getrlimit.2:65 build/C/man2/getrusage.2:40 build/C/man2/getsid.2:27 build/C/man2/getuid.2:27 build/C/man3/group_member.3:26 build/C/man2/iopl.2:34 build/C/man2/ioprio_set.2:25 build/C/man2/ipc.2:26 build/C/man7/namespaces.7:28 build/C/man7/pid_namespaces.7:28 build/C/man2/seteuid.2:30 build/C/man2/setfsgid.2:32 build/C/man2/setfsuid.2:32 build/C/man2/setgid.2:30 build/C/man2/setpgid.2:49 build/C/man2/setresuid.2:27 build/C/man2/setreuid.2:46 build/C/man2/setsid.2:32 build/C/man2/setuid.2:31 build/C/man7/svipc.7:41 build/C/man3/ulimit.3:28 build/C/man7/user_namespaces.7:28
+#: build/C/man2/acct.2:32 build/C/man5/acct.5:26 build/C/man7/capabilities.7:49 build/C/man2/capget.2:16 build/C/man7/cpuset.7:26 build/C/man7/credentials.7:28 build/C/man2/getgid.2:26 build/C/man2/getgroups.2:32 build/C/man2/getpid.2:26 build/C/man2/getpriority.2:46 build/C/man2/getresuid.2:29 build/C/man2/getrlimit.2:65 build/C/man2/getrusage.2:40 build/C/man2/getsid.2:27 build/C/man2/getuid.2:27 build/C/man3/group_member.3:26 build/C/man2/iopl.2:34 build/C/man2/ioprio_set.2:25 build/C/man2/ipc.2:26 build/C/man7/namespaces.7:28 build/C/man7/pid_namespaces.7:28 build/C/man2/seteuid.2:30 build/C/man2/setfsgid.2:32 build/C/man2/setfsuid.2:32 build/C/man2/setgid.2:30 build/C/man2/setpgid.2:49 build/C/man2/setresuid.2:27 build/C/man2/setreuid.2:46 build/C/man2/setsid.2:32 build/C/man2/setuid.2:31 build/C/man7/svipc.7:41 build/C/man3/ulimit.3:28 build/C/man7/user_namespaces.7:28 build/C/man2/seccomp.2:28
#, no-wrap
msgid "NAME"
msgstr ""
msgstr ""
#. type: SH
-#: build/C/man2/acct.2:34 build/C/man5/acct.5:28 build/C/man2/capget.2:18 build/C/man2/getgid.2:28 build/C/man2/getgroups.2:34 build/C/man2/getpid.2:28 build/C/man2/getpriority.2:48 build/C/man2/getresuid.2:31 build/C/man2/getrlimit.2:67 build/C/man2/getrusage.2:42 build/C/man2/getsid.2:29 build/C/man2/getuid.2:29 build/C/man3/group_member.3:28 build/C/man2/iopl.2:36 build/C/man2/ioprio_set.2:27 build/C/man2/ipc.2:28 build/C/man2/seteuid.2:32 build/C/man2/setfsgid.2:34 build/C/man2/setfsuid.2:34 build/C/man2/setgid.2:32 build/C/man2/setpgid.2:51 build/C/man2/setresuid.2:29 build/C/man2/setreuid.2:48 build/C/man2/setsid.2:34 build/C/man2/setuid.2:33 build/C/man7/svipc.7:43 build/C/man3/ulimit.3:30
+#: build/C/man2/acct.2:34 build/C/man5/acct.5:28 build/C/man2/capget.2:18 build/C/man2/getgid.2:28 build/C/man2/getgroups.2:34 build/C/man2/getpid.2:28 build/C/man2/getpriority.2:48 build/C/man2/getresuid.2:31 build/C/man2/getrlimit.2:67 build/C/man2/getrusage.2:42 build/C/man2/getsid.2:29 build/C/man2/getuid.2:29 build/C/man3/group_member.3:28 build/C/man2/iopl.2:36 build/C/man2/ioprio_set.2:27 build/C/man2/ipc.2:28 build/C/man2/seteuid.2:32 build/C/man2/setfsgid.2:34 build/C/man2/setfsuid.2:34 build/C/man2/setgid.2:32 build/C/man2/setpgid.2:51 build/C/man2/setresuid.2:29 build/C/man2/setreuid.2:48 build/C/man2/setsid.2:34 build/C/man2/setuid.2:33 build/C/man7/svipc.7:43 build/C/man3/ulimit.3:30 build/C/man2/seccomp.2:30
#, no-wrap
msgid "SYNOPSIS"
msgstr ""
msgstr ""
#. type: SH
-#: build/C/man2/acct.2:50 build/C/man5/acct.5:30 build/C/man7/capabilities.7:51 build/C/man2/capget.2:24 build/C/man7/cpuset.7:28 build/C/man7/credentials.7:30 build/C/man2/getgid.2:36 build/C/man2/getgroups.2:52 build/C/man2/getpid.2:36 build/C/man2/getpriority.2:56 build/C/man2/getresuid.2:39 build/C/man2/getrlimit.2:88 build/C/man2/getrusage.2:48 build/C/man2/getsid.2:50 build/C/man2/getuid.2:37 build/C/man3/group_member.3:40 build/C/man2/iopl.2:40 build/C/man2/ioprio_set.2:35 build/C/man2/ipc.2:34 build/C/man7/namespaces.7:30 build/C/man7/pid_namespaces.7:30 build/C/man2/seteuid.2:53 build/C/man2/setfsgid.2:38 build/C/man2/setfsuid.2:38 build/C/man2/setgid.2:38 build/C/man2/setpgid.2:100 build/C/man2/setresuid.2:37 build/C/man2/setreuid.2:70 build/C/man2/setsid.2:41 build/C/man2/setuid.2:39 build/C/man7/svipc.7:49 build/C/man3/ulimit.3:34 build/C/man7/user_namespaces.7:30
+#: build/C/man2/acct.2:50 build/C/man5/acct.5:30 build/C/man7/capabilities.7:51 build/C/man2/capget.2:24 build/C/man7/cpuset.7:28 build/C/man7/credentials.7:30 build/C/man2/getgid.2:36 build/C/man2/getgroups.2:52 build/C/man2/getpid.2:36 build/C/man2/getpriority.2:56 build/C/man2/getresuid.2:39 build/C/man2/getrlimit.2:88 build/C/man2/getrusage.2:48 build/C/man2/getsid.2:50 build/C/man2/getuid.2:37 build/C/man3/group_member.3:40 build/C/man2/iopl.2:40 build/C/man2/ioprio_set.2:35 build/C/man2/ipc.2:34 build/C/man7/namespaces.7:30 build/C/man7/pid_namespaces.7:30 build/C/man2/seteuid.2:53 build/C/man2/setfsgid.2:38 build/C/man2/setfsuid.2:38 build/C/man2/setgid.2:38 build/C/man2/setpgid.2:100 build/C/man2/setresuid.2:37 build/C/man2/setreuid.2:70 build/C/man2/setsid.2:41 build/C/man2/setuid.2:39 build/C/man7/svipc.7:49 build/C/man3/ulimit.3:34 build/C/man7/user_namespaces.7:30 build/C/man2/seccomp.2:43
#, no-wrap
msgid "DESCRIPTION"
msgstr ""
msgstr ""
#. type: SH
-#: build/C/man2/acct.2:60 build/C/man2/capget.2:160 build/C/man2/getgroups.2:92 build/C/man2/getpriority.2:104 build/C/man2/getresuid.2:50 build/C/man2/getrlimit.2:461 build/C/man2/getrusage.2:188 build/C/man2/getsid.2:58 build/C/man3/group_member.3:48 build/C/man2/iopl.2:66 build/C/man2/ioprio_set.2:149 build/C/man2/seteuid.2:67 build/C/man2/setfsgid.2:68 build/C/man2/setfsuid.2:68 build/C/man2/setgid.2:53 build/C/man2/setpgid.2:195 build/C/man2/setresuid.2:64 build/C/man2/setreuid.2:93 build/C/man2/setsid.2:54 build/C/man2/setuid.2:70 build/C/man3/ulimit.3:67
+#: build/C/man2/acct.2:60 build/C/man2/capget.2:160 build/C/man2/getgroups.2:92 build/C/man2/getpriority.2:104 build/C/man2/getresuid.2:50 build/C/man2/getrlimit.2:461 build/C/man2/getrusage.2:188 build/C/man2/getsid.2:58 build/C/man3/group_member.3:48 build/C/man2/iopl.2:66 build/C/man2/ioprio_set.2:149 build/C/man2/seteuid.2:67 build/C/man2/setfsgid.2:68 build/C/man2/setfsuid.2:68 build/C/man2/setgid.2:53 build/C/man2/setpgid.2:195 build/C/man2/setresuid.2:64 build/C/man2/setreuid.2:93 build/C/man2/setsid.2:54 build/C/man2/setuid.2:70 build/C/man3/ulimit.3:67 build/C/man2/seccomp.2:342
#, no-wrap
msgid "RETURN VALUE"
msgstr ""
msgstr ""
#. type: SH
-#: build/C/man2/acct.2:65 build/C/man2/capget.2:179 build/C/man7/cpuset.7:1100 build/C/man2/getgid.2:42 build/C/man2/getgroups.2:106 build/C/man2/getpid.2:44 build/C/man2/getpriority.2:117 build/C/man2/getresuid.2:55 build/C/man2/getrlimit.2:466 build/C/man2/getrusage.2:193 build/C/man2/getsid.2:63 build/C/man2/getuid.2:43 build/C/man2/iopl.2:71 build/C/man2/ioprio_set.2:169 build/C/man2/seteuid.2:79 build/C/man2/setgid.2:58 build/C/man2/setpgid.2:216 build/C/man2/setresuid.2:76 build/C/man2/setreuid.2:105 build/C/man2/setsid.2:61 build/C/man2/setuid.2:82 build/C/man3/ulimit.3:74
+#: build/C/man2/acct.2:65 build/C/man2/capget.2:179 build/C/man7/cpuset.7:1100 build/C/man2/getgid.2:42 build/C/man2/getgroups.2:106 build/C/man2/getpid.2:44 build/C/man2/getpriority.2:117 build/C/man2/getresuid.2:55 build/C/man2/getrlimit.2:466 build/C/man2/getrusage.2:193 build/C/man2/getsid.2:63 build/C/man2/getuid.2:43 build/C/man2/iopl.2:71 build/C/man2/ioprio_set.2:169 build/C/man2/seteuid.2:79 build/C/man2/setgid.2:58 build/C/man2/setpgid.2:216 build/C/man2/setresuid.2:76 build/C/man2/setreuid.2:105 build/C/man2/setsid.2:61 build/C/man2/setuid.2:82 build/C/man3/ulimit.3:74 build/C/man2/seccomp.2:358
#, no-wrap
msgid "ERRORS"
msgstr ""
msgstr ""
#. type: TP
-#: build/C/man2/acct.2:77 build/C/man2/capget.2:180 build/C/man7/cpuset.7:1172 build/C/man2/getgroups.2:107 build/C/man2/getresuid.2:56 build/C/man2/getrlimit.2:467 build/C/man2/getrusage.2:194
+#: build/C/man2/acct.2:77 build/C/man2/capget.2:180 build/C/man7/cpuset.7:1172 build/C/man2/getgroups.2:107 build/C/man2/getresuid.2:56 build/C/man2/getrlimit.2:467 build/C/man2/getrusage.2:194 build/C/man2/seccomp.2:369
#, no-wrap
msgid "B<EFAULT>"
msgstr ""
msgstr ""
#. type: TP
-#: build/C/man2/acct.2:103 build/C/man7/cpuset.7:1287 build/C/man2/getgroups.2:127
+#: build/C/man2/acct.2:103 build/C/man7/cpuset.7:1287 build/C/man2/getgroups.2:127 build/C/man2/seccomp.2:413 build/C/man2/seccomp.2:416
#, no-wrap
msgid "B<ENOMEM>"
msgstr ""
#. type: Plain text
-#: build/C/man2/acct.2:106 build/C/man2/getgroups.2:130
+#: build/C/man2/acct.2:106 build/C/man2/getgroups.2:130 build/C/man2/seccomp.2:416
msgid "Out of memory."
msgstr ""
msgstr ""
#. type: TP
-#: build/C/man2/acct.2:117 build/C/man2/capget.2:191 build/C/man2/capget.2:196 build/C/man7/cpuset.7:1319 build/C/man2/getgroups.2:130 build/C/man2/getpriority.2:149 build/C/man2/getrlimit.2:483 build/C/man2/getsid.2:64 build/C/man2/iopl.2:79 build/C/man2/ioprio_set.2:179 build/C/man2/seteuid.2:83 build/C/man2/setgid.2:64 build/C/man2/setpgid.2:231 build/C/man2/setresuid.2:103 build/C/man2/setreuid.2:132 build/C/man2/setsid.2:62 build/C/man2/setuid.2:110 build/C/man3/ulimit.3:75
+#: build/C/man2/acct.2:117 build/C/man2/capget.2:191 build/C/man2/capget.2:196 build/C/man7/cpuset.7:1319 build/C/man2/getgroups.2:130 build/C/man2/getpriority.2:149 build/C/man2/getrlimit.2:483 build/C/man2/getrlimit.2:488 build/C/man2/getrlimit.2:496 build/C/man2/getsid.2:64 build/C/man2/iopl.2:79 build/C/man2/ioprio_set.2:179 build/C/man2/seteuid.2:83 build/C/man2/setgid.2:64 build/C/man2/setpgid.2:231 build/C/man2/setresuid.2:103 build/C/man2/setreuid.2:132 build/C/man2/setsid.2:62 build/C/man2/setuid.2:110 build/C/man3/ulimit.3:75
#, no-wrap
msgid "B<EPERM>"
msgstr ""
msgstr ""
#. type: SH
-#: build/C/man2/acct.2:130 build/C/man5/acct.5:153 build/C/man7/capabilities.7:1120 build/C/man2/capget.2:218 build/C/man7/credentials.7:287 build/C/man2/getgid.2:44 build/C/man2/getgroups.2:133 build/C/man2/getpid.2:46 build/C/man2/getpriority.2:157 build/C/man2/getresuid.2:67 build/C/man2/getrlimit.2:504 build/C/man2/getrusage.2:202 build/C/man2/getsid.2:79 build/C/man2/getuid.2:45 build/C/man3/group_member.3:55 build/C/man2/iopl.2:87 build/C/man2/ioprio_set.2:196 build/C/man2/ipc.2:45 build/C/man7/namespaces.7:359 build/C/man7/pid_namespaces.7:341 build/C/man2/seteuid.2:99 build/C/man2/setfsgid.2:75 build/C/man2/setfsuid.2:75 build/C/man2/setgid.2:71 build/C/man2/setpgid.2:250 build/C/man2/setresuid.2:109 build/C/man2/setreuid.2:148 build/C/man2/setsid.2:68 build/C/man2/setuid.2:117 build/C/man3/ulimit.3:78 build/C/man7/user_namespaces.7:645
+#: build/C/man2/acct.2:130 build/C/man5/acct.5:153 build/C/man7/capabilities.7:1120 build/C/man2/capget.2:218 build/C/man7/credentials.7:287 build/C/man2/getgid.2:44 build/C/man2/getgroups.2:133 build/C/man2/getpid.2:46 build/C/man2/getpriority.2:157 build/C/man2/getresuid.2:67 build/C/man2/getrlimit.2:511 build/C/man2/getrusage.2:202 build/C/man2/getsid.2:79 build/C/man2/getuid.2:45 build/C/man3/group_member.3:55 build/C/man2/iopl.2:87 build/C/man2/ioprio_set.2:196 build/C/man2/ipc.2:45 build/C/man7/namespaces.7:359 build/C/man7/pid_namespaces.7:351 build/C/man2/seteuid.2:99 build/C/man2/setfsgid.2:75 build/C/man2/setfsuid.2:75 build/C/man2/setgid.2:71 build/C/man2/setpgid.2:250 build/C/man2/setresuid.2:109 build/C/man2/setreuid.2:148 build/C/man2/setsid.2:68 build/C/man2/setuid.2:117 build/C/man3/ulimit.3:78 build/C/man7/user_namespaces.7:645 build/C/man2/seccomp.2:435
#, no-wrap
msgid "CONFORMING TO"
msgstr ""
msgstr ""
#. type: SH
-#: build/C/man2/acct.2:137 build/C/man5/acct.5:157 build/C/man7/capabilities.7:1126 build/C/man2/capget.2:220 build/C/man7/cpuset.7:1341 build/C/man7/credentials.7:293 build/C/man2/getgid.2:46 build/C/man2/getgroups.2:141 build/C/man2/getpid.2:48 build/C/man2/getpriority.2:160 build/C/man2/getresuid.2:70 build/C/man2/getrlimit.2:527 build/C/man2/getrusage.2:213 build/C/man2/getsid.2:81 build/C/man2/getuid.2:47 build/C/man2/iopl.2:91 build/C/man2/ioprio_set.2:198 build/C/man2/ipc.2:49 build/C/man2/seteuid.2:101 build/C/man2/setfsgid.2:79 build/C/man2/setfsuid.2:79 build/C/man2/setgid.2:73 build/C/man2/setpgid.2:272 build/C/man2/setresuid.2:112 build/C/man2/setreuid.2:154 build/C/man2/setsid.2:70 build/C/man2/setuid.2:122 build/C/man7/user_namespaces.7:648
+#: build/C/man2/acct.2:137 build/C/man5/acct.5:157 build/C/man7/capabilities.7:1126 build/C/man2/capget.2:220 build/C/man7/cpuset.7:1341 build/C/man7/credentials.7:293 build/C/man2/getgid.2:46 build/C/man2/getgroups.2:141 build/C/man2/getpid.2:48 build/C/man2/getpriority.2:160 build/C/man2/getresuid.2:70 build/C/man2/getrlimit.2:534 build/C/man2/getrusage.2:213 build/C/man2/getsid.2:81 build/C/man2/getuid.2:47 build/C/man2/iopl.2:91 build/C/man2/ioprio_set.2:198 build/C/man2/ipc.2:49 build/C/man2/seteuid.2:101 build/C/man2/setfsgid.2:79 build/C/man2/setfsuid.2:79 build/C/man2/setgid.2:73 build/C/man2/setpgid.2:272 build/C/man2/setresuid.2:112 build/C/man2/setreuid.2:154 build/C/man2/setsid.2:70 build/C/man2/setuid.2:122 build/C/man7/user_namespaces.7:648 build/C/man2/seccomp.2:439
#, no-wrap
msgid "NOTES"
msgstr ""
msgstr ""
#. type: SH
-#: build/C/man2/acct.2:143 build/C/man5/acct.5:174 build/C/man7/capabilities.7:1183 build/C/man2/capget.2:228 build/C/man7/cpuset.7:1488 build/C/man7/credentials.7:304 build/C/man2/getgid.2:62 build/C/man2/getgroups.2:178 build/C/man2/getpid.2:100 build/C/man2/getpriority.2:232 build/C/man2/getresuid.2:86 build/C/man2/getrlimit.2:759 build/C/man2/getrusage.2:253 build/C/man2/getsid.2:84 build/C/man2/getuid.2:73 build/C/man3/group_member.3:57 build/C/man2/iopl.2:100 build/C/man2/ioprio_set.2:346 build/C/man2/ipc.2:57 build/C/man7/namespaces.7:364 build/C/man7/pid_namespaces.7:346 build/C/man2/seteuid.2:141 build/C/man2/setfsgid.2:123 build/C/man2/setfsuid.2:131 build/C/man2/setgid.2:83 build/C/man2/setpgid.2:340 build/C/man2/setresuid.2:132 build/C/man2/setreuid.2:194 build/C/man2/setsid.2:93 build/C/man2/setuid.2:145 build/C/man7/svipc.7:335 build/C/man3/ulimit.3:83 build/C/man7/user_namespaces.7:1011
+#: build/C/man2/acct.2:143 build/C/man5/acct.5:174 build/C/man7/capabilities.7:1183 build/C/man2/capget.2:228 build/C/man7/cpuset.7:1488 build/C/man7/credentials.7:304 build/C/man2/getgid.2:62 build/C/man2/getgroups.2:178 build/C/man2/getpid.2:100 build/C/man2/getpriority.2:232 build/C/man2/getresuid.2:86 build/C/man2/getrlimit.2:766 build/C/man2/getrusage.2:253 build/C/man2/getsid.2:84 build/C/man2/getuid.2:73 build/C/man3/group_member.3:57 build/C/man2/iopl.2:100 build/C/man2/ioprio_set.2:346 build/C/man2/ipc.2:57 build/C/man7/namespaces.7:364 build/C/man7/pid_namespaces.7:356 build/C/man2/seteuid.2:141 build/C/man2/setfsgid.2:123 build/C/man2/setfsuid.2:131 build/C/man2/setgid.2:83 build/C/man2/setpgid.2:340 build/C/man2/setresuid.2:132 build/C/man2/setreuid.2:194 build/C/man2/setsid.2:93 build/C/man2/setuid.2:145 build/C/man7/svipc.7:335 build/C/man3/ulimit.3:83 build/C/man7/user_namespaces.7:1011 build/C/man2/seccomp.2:662
#, no-wrap
msgid "SEE ALSO"
msgstr ""
msgstr ""
#. type: SH
-#: build/C/man2/acct.2:145 build/C/man5/acct.5:179 build/C/man7/capabilities.7:1205 build/C/man2/capget.2:232 build/C/man7/cpuset.7:1506 build/C/man7/credentials.7:340 build/C/man2/getgid.2:67 build/C/man2/getgroups.2:186 build/C/man2/getpid.2:111 build/C/man2/getpriority.2:241 build/C/man2/getresuid.2:92 build/C/man2/getrlimit.2:777 build/C/man2/getrusage.2:260 build/C/man2/getsid.2:88 build/C/man2/getuid.2:78 build/C/man3/group_member.3:62 build/C/man2/iopl.2:104 build/C/man2/ioprio_set.2:354 build/C/man2/ipc.2:70 build/C/man7/namespaces.7:377 build/C/man7/pid_namespaces.7:355 build/C/man2/seteuid.2:149 build/C/man2/setfsgid.2:128 build/C/man2/setfsuid.2:136 build/C/man2/setgid.2:90 build/C/man2/setpgid.2:347 build/C/man2/setresuid.2:142 build/C/man2/setreuid.2:203 build/C/man2/setsid.2:100 build/C/man2/setuid.2:153 build/C/man7/svipc.7:353 build/C/man3/ulimit.3:88 build/C/man7/user_namespaces.7:1027
+#: build/C/man2/acct.2:145 build/C/man5/acct.5:179 build/C/man7/capabilities.7:1205 build/C/man2/capget.2:232 build/C/man7/cpuset.7:1506 build/C/man7/credentials.7:340 build/C/man2/getgid.2:67 build/C/man2/getgroups.2:186 build/C/man2/getpid.2:111 build/C/man2/getpriority.2:241 build/C/man2/getresuid.2:92 build/C/man2/getrlimit.2:784 build/C/man2/getrusage.2:260 build/C/man2/getsid.2:88 build/C/man2/getuid.2:78 build/C/man3/group_member.3:62 build/C/man2/iopl.2:104 build/C/man2/ioprio_set.2:354 build/C/man2/ipc.2:70 build/C/man7/namespaces.7:377 build/C/man7/pid_namespaces.7:365 build/C/man2/seteuid.2:149 build/C/man2/setfsgid.2:128 build/C/man2/setfsuid.2:136 build/C/man2/setgid.2:90 build/C/man2/setpgid.2:347 build/C/man2/setresuid.2:142 build/C/man2/setreuid.2:203 build/C/man2/setsid.2:100 build/C/man2/setuid.2:153 build/C/man7/svipc.7:353 build/C/man3/ulimit.3:88 build/C/man7/user_namespaces.7:1027 build/C/man2/seccomp.2:679
#, no-wrap
msgid "COLOPHON"
msgstr ""
#. type: Plain text
-#: build/C/man2/acct.2:153 build/C/man5/acct.5:187 build/C/man7/capabilities.7:1213 build/C/man2/capget.2:240 build/C/man7/cpuset.7:1514 build/C/man7/credentials.7:348 build/C/man2/getgid.2:75 build/C/man2/getgroups.2:194 build/C/man2/getpid.2:119 build/C/man2/getpriority.2:249 build/C/man2/getresuid.2:100 build/C/man2/getrlimit.2:785 build/C/man2/getrusage.2:268 build/C/man2/getsid.2:96 build/C/man2/getuid.2:86 build/C/man3/group_member.3:70 build/C/man2/iopl.2:112 build/C/man2/ioprio_set.2:362 build/C/man2/ipc.2:78 build/C/man7/namespaces.7:385 build/C/man7/pid_namespaces.7:363 build/C/man2/seteuid.2:157 build/C/man2/setfsgid.2:136 build/C/man2/setfsuid.2:144 build/C/man2/setgid.2:98 build/C/man2/setpgid.2:355 build/C/man2/setresuid.2:150 build/C/man2/setreuid.2:211 build/C/man2/setsid.2:108 build/C/man2/setuid.2:161 build/C/man7/svipc.7:361 build/C/man3/ulimit.3:96 build/C/man7/user_namespaces.7:1035
+#: build/C/man2/acct.2:153 build/C/man5/acct.5:187 build/C/man7/capabilities.7:1213 build/C/man2/capget.2:240 build/C/man7/cpuset.7:1514 build/C/man7/credentials.7:348 build/C/man2/getgid.2:75 build/C/man2/getgroups.2:194 build/C/man2/getpid.2:119 build/C/man2/getpriority.2:249 build/C/man2/getresuid.2:100 build/C/man2/getrlimit.2:792 build/C/man2/getrusage.2:268 build/C/man2/getsid.2:96 build/C/man2/getuid.2:86 build/C/man3/group_member.3:70 build/C/man2/iopl.2:112 build/C/man2/ioprio_set.2:362 build/C/man2/ipc.2:78 build/C/man7/namespaces.7:385 build/C/man7/pid_namespaces.7:373 build/C/man2/seteuid.2:157 build/C/man2/setfsgid.2:136 build/C/man2/setfsuid.2:144 build/C/man2/setgid.2:98 build/C/man2/setpgid.2:355 build/C/man2/setresuid.2:150 build/C/man2/setreuid.2:211 build/C/man2/setsid.2:108 build/C/man2/setuid.2:161 build/C/man7/svipc.7:361 build/C/man3/ulimit.3:96 build/C/man7/user_namespaces.7:1035 build/C/man2/seccomp.2:687
msgid ""
-"This page is part of release 3.76 of the Linux I<man-pages> project. A "
+"This page is part of release 3.79 of the Linux I<man-pages> project. A "
"description of the project, information about reporting bugs, and the latest "
"version of this page, can be found at "
"\\%http://www.kernel.org/doc/man-pages/."
msgstr ""
#. type: SH
-#: build/C/man5/acct.5:149 build/C/man7/cpuset.7:1338 build/C/man2/getresuid.2:60 build/C/man2/getrlimit.2:499 build/C/man2/getsid.2:75 build/C/man2/ioprio_set.2:193 build/C/man2/setfsgid.2:71 build/C/man2/setfsuid.2:71 build/C/man2/setresuid.2:107
+#: build/C/man5/acct.5:149 build/C/man7/cpuset.7:1338 build/C/man2/getresuid.2:60 build/C/man2/getrlimit.2:506 build/C/man2/getsid.2:75 build/C/man2/ioprio_set.2:193 build/C/man2/setfsgid.2:71 build/C/man2/setfsuid.2:71 build/C/man2/setresuid.2:107 build/C/man2/seccomp.2:430
#, no-wrap
msgid "VERSIONS"
msgstr ""
msgstr ""
#. type: TH
-#: build/C/man7/capabilities.7:48 build/C/man2/getpid.2:25 build/C/man7/namespaces.7:27 build/C/man7/pid_namespaces.7:27 build/C/man2/seteuid.2:29 build/C/man2/setgid.2:29 build/C/man2/setresuid.2:26 build/C/man2/setreuid.2:45 build/C/man2/setuid.2:30 build/C/man7/svipc.7:40 build/C/man7/user_namespaces.7:27
+#: build/C/man7/capabilities.7:48
#, no-wrap
-msgid "2014-09-21"
+msgid "2015-02-01"
msgstr ""
#. type: Plain text
msgstr ""
#. type: IP
-#: build/C/man7/capabilities.7:103 build/C/man7/capabilities.7:106 build/C/man7/capabilities.7:116 build/C/man7/capabilities.7:126 build/C/man7/capabilities.7:130 build/C/man7/capabilities.7:132 build/C/man7/capabilities.7:134 build/C/man7/capabilities.7:204 build/C/man7/capabilities.7:206 build/C/man7/capabilities.7:208 build/C/man7/capabilities.7:210 build/C/man7/capabilities.7:212 build/C/man7/capabilities.7:214 build/C/man7/capabilities.7:216 build/C/man7/capabilities.7:218 build/C/man7/capabilities.7:220 build/C/man7/capabilities.7:244 build/C/man7/capabilities.7:246 build/C/man7/capabilities.7:296 build/C/man7/capabilities.7:306 build/C/man7/capabilities.7:312 build/C/man7/capabilities.7:317 build/C/man7/capabilities.7:323 build/C/man7/capabilities.7:327 build/C/man7/capabilities.7:334 build/C/man7/capabilities.7:337 build/C/man7/capabilities.7:345 build/C/man7/capabilities.7:347 build/C/man7/capabilities.7:356 build/C/man7/capabilities.7:365 build/C/man7/capabilities.7:368 build/C/man7/capabilities.7:372 build/C/man7/capabilities.7:380 build/C/man7/capabilities.7:383 build/C/man7/capabilities.7:390 build/C/man7/capabilities.7:395 build/C/man7/capabilities.7:401 build/C/man7/capabilities.7:405 build/C/man7/capabilities.7:409 build/C/man7/capabilities.7:413 build/C/man7/capabilities.7:417 build/C/man7/capabilities.7:444 build/C/man7/capabilities.7:449 build/C/man7/capabilities.7:455 build/C/man7/capabilities.7:458 build/C/man7/capabilities.7:461 build/C/man7/capabilities.7:471 build/C/man7/capabilities.7:475 build/C/man7/capabilities.7:492 build/C/man7/capabilities.7:495 build/C/man7/capabilities.7:499 build/C/man7/capabilities.7:504 build/C/man7/capabilities.7:513 build/C/man7/capabilities.7:518 build/C/man7/capabilities.7:521 build/C/man7/capabilities.7:526 build/C/man7/capabilities.7:529 build/C/man7/capabilities.7:532 build/C/man7/capabilities.7:535 build/C/man7/capabilities.7:538 build/C/man7/capabilities.7:543 build/C/man7/capabilities.7:545 build/C/man7/capabilities.7:551 build/C/man7/capabilities.7:559 build/C/man7/capabilities.7:561 build/C/man7/capabilities.7:565 build/C/man7/capabilities.7:567 build/C/man7/capabilities.7:570 build/C/man7/capabilities.7:574 build/C/man7/capabilities.7:576 build/C/man7/capabilities.7:578 build/C/man7/capabilities.7:580 build/C/man7/capabilities.7:589 build/C/man7/capabilities.7:596 build/C/man7/capabilities.7:601 build/C/man7/capabilities.7:606 build/C/man7/capabilities.7:611 build/C/man7/capabilities.7:636 build/C/man7/capabilities.7:643 build/C/man7/capabilities.7:844 build/C/man7/capabilities.7:852 build/C/man7/capabilities.7:1172 build/C/man7/capabilities.7:1177 build/C/man7/cpuset.7:540 build/C/man7/cpuset.7:545 build/C/man7/cpuset.7:550 build/C/man7/cpuset.7:726 build/C/man7/cpuset.7:730 build/C/man7/cpuset.7:927 build/C/man7/cpuset.7:930 build/C/man7/cpuset.7:934 build/C/man7/cpuset.7:938 build/C/man7/cpuset.7:942 build/C/man7/credentials.7:177 build/C/man7/credentials.7:183 build/C/man7/credentials.7:195 build/C/man7/credentials.7:217 build/C/man7/credentials.7:234 build/C/man7/credentials.7:266 build/C/man7/credentials.7:269 build/C/man7/credentials.7:280 build/C/man7/credentials.7:283 build/C/man2/getrlimit.2:683 build/C/man2/getrlimit.2:686 build/C/man7/namespaces.7:212 build/C/man7/namespaces.7:215 build/C/man7/namespaces.7:228 build/C/man7/pid_namespaces.7:223 build/C/man7/pid_namespaces.7:231 build/C/man7/pid_namespaces.7:242 build/C/man7/user_namespaces.7:261 build/C/man7/user_namespaces.7:266 build/C/man7/user_namespaces.7:272 build/C/man7/user_namespaces.7:285 build/C/man7/user_namespaces.7:306 build/C/man7/user_namespaces.7:474 build/C/man7/user_namespaces.7:477 build/C/man7/user_namespaces.7:479 build/C/man7/user_namespaces.7:492 build/C/man7/user_namespaces.7:505 build/C/man7/user_namespaces.7:532 build/C/man7/user_namespaces.7:541
+#: build/C/man7/capabilities.7:103 build/C/man7/capabilities.7:106 build/C/man7/capabilities.7:116 build/C/man7/capabilities.7:126 build/C/man7/capabilities.7:130 build/C/man7/capabilities.7:132 build/C/man7/capabilities.7:134 build/C/man7/capabilities.7:204 build/C/man7/capabilities.7:206 build/C/man7/capabilities.7:208 build/C/man7/capabilities.7:210 build/C/man7/capabilities.7:212 build/C/man7/capabilities.7:214 build/C/man7/capabilities.7:216 build/C/man7/capabilities.7:218 build/C/man7/capabilities.7:220 build/C/man7/capabilities.7:244 build/C/man7/capabilities.7:246 build/C/man7/capabilities.7:296 build/C/man7/capabilities.7:306 build/C/man7/capabilities.7:312 build/C/man7/capabilities.7:317 build/C/man7/capabilities.7:323 build/C/man7/capabilities.7:327 build/C/man7/capabilities.7:334 build/C/man7/capabilities.7:337 build/C/man7/capabilities.7:345 build/C/man7/capabilities.7:347 build/C/man7/capabilities.7:356 build/C/man7/capabilities.7:365 build/C/man7/capabilities.7:368 build/C/man7/capabilities.7:372 build/C/man7/capabilities.7:380 build/C/man7/capabilities.7:383 build/C/man7/capabilities.7:390 build/C/man7/capabilities.7:395 build/C/man7/capabilities.7:401 build/C/man7/capabilities.7:405 build/C/man7/capabilities.7:409 build/C/man7/capabilities.7:413 build/C/man7/capabilities.7:417 build/C/man7/capabilities.7:444 build/C/man7/capabilities.7:449 build/C/man7/capabilities.7:455 build/C/man7/capabilities.7:458 build/C/man7/capabilities.7:461 build/C/man7/capabilities.7:471 build/C/man7/capabilities.7:475 build/C/man7/capabilities.7:492 build/C/man7/capabilities.7:495 build/C/man7/capabilities.7:499 build/C/man7/capabilities.7:504 build/C/man7/capabilities.7:513 build/C/man7/capabilities.7:518 build/C/man7/capabilities.7:521 build/C/man7/capabilities.7:526 build/C/man7/capabilities.7:529 build/C/man7/capabilities.7:532 build/C/man7/capabilities.7:535 build/C/man7/capabilities.7:538 build/C/man7/capabilities.7:543 build/C/man7/capabilities.7:545 build/C/man7/capabilities.7:551 build/C/man7/capabilities.7:559 build/C/man7/capabilities.7:561 build/C/man7/capabilities.7:565 build/C/man7/capabilities.7:567 build/C/man7/capabilities.7:570 build/C/man7/capabilities.7:574 build/C/man7/capabilities.7:576 build/C/man7/capabilities.7:578 build/C/man7/capabilities.7:580 build/C/man7/capabilities.7:589 build/C/man7/capabilities.7:596 build/C/man7/capabilities.7:601 build/C/man7/capabilities.7:606 build/C/man7/capabilities.7:611 build/C/man7/capabilities.7:636 build/C/man7/capabilities.7:643 build/C/man7/capabilities.7:844 build/C/man7/capabilities.7:852 build/C/man7/capabilities.7:1172 build/C/man7/capabilities.7:1177 build/C/man7/cpuset.7:540 build/C/man7/cpuset.7:545 build/C/man7/cpuset.7:550 build/C/man7/cpuset.7:726 build/C/man7/cpuset.7:730 build/C/man7/cpuset.7:927 build/C/man7/cpuset.7:930 build/C/man7/cpuset.7:934 build/C/man7/cpuset.7:938 build/C/man7/cpuset.7:942 build/C/man7/credentials.7:177 build/C/man7/credentials.7:183 build/C/man7/credentials.7:195 build/C/man7/credentials.7:217 build/C/man7/credentials.7:234 build/C/man7/credentials.7:266 build/C/man7/credentials.7:269 build/C/man7/credentials.7:280 build/C/man7/credentials.7:283 build/C/man2/getrlimit.2:690 build/C/man2/getrlimit.2:693 build/C/man7/namespaces.7:212 build/C/man7/namespaces.7:215 build/C/man7/namespaces.7:228 build/C/man7/pid_namespaces.7:233 build/C/man7/pid_namespaces.7:241 build/C/man7/pid_namespaces.7:252 build/C/man7/user_namespaces.7:261 build/C/man7/user_namespaces.7:266 build/C/man7/user_namespaces.7:272 build/C/man7/user_namespaces.7:285 build/C/man7/user_namespaces.7:306 build/C/man7/user_namespaces.7:474 build/C/man7/user_namespaces.7:477 build/C/man7/user_namespaces.7:479 build/C/man7/user_namespaces.7:492 build/C/man7/user_namespaces.7:505 build/C/man7/user_namespaces.7:532 build/C/man7/user_namespaces.7:541 build/C/man2/seccomp.2:265 build/C/man2/seccomp.2:269 build/C/man2/seccomp.2:272 build/C/man2/seccomp.2:277 build/C/man2/seccomp.2:281 build/C/man2/seccomp.2:455 build/C/man2/seccomp.2:463 build/C/man2/seccomp.2:469
#, no-wrap
msgid "*"
msgstr ""
#. type: Plain text
#: build/C/man7/capabilities.7:347
-msgid "forge UID when passing socket credentials;"
+msgid "forge PID when passing socket credentials via UNIX domain sockets;"
msgstr ""
#. type: Plain text
#. type: Plain text
#: build/C/man7/capabilities.7:1202
msgid ""
-"B<capsh>(1), B<
capget>(2), B<prctl>(2), B<setfsuid>(2), B<cap_clear>(3), "
+"B<capsh>(1), B<
setpriv>(2), B<prctl>(2), B<setfsuid>(2), B<cap_clear>(3), "
"B<cap_copy_ext>(3), B<cap_from_text>(3), B<cap_get_file>(3), "
"B<cap_get_proc>(3), B<cap_init>(3), B<capgetp>(3), B<capsetp>(3), "
"B<libcap>(3), B<credentials>(7), B<user_namespaces>(7), B<pthreads>(7), "
msgstr ""
#. type: TP
-#: build/C/man2/capget.2:188 build/C/man7/cpuset.7:1180 build/C/man7/cpuset.7:1189 build/C/man7/cpuset.7:1198 build/C/man7/cpuset.7:1208 build/C/man7/cpuset.7:1217 build/C/man7/cpuset.7:1224 build/C/man7/cpuset.7:1231 build/C/man2/getgroups.2:114 build/C/man2/getgroups.2:121 build/C/man2/getpriority.2:118 build/C/man2/getrlimit.2:471 build/C/man2/getrusage.2:198 build/C/man2/iopl.2:72 build/C/man2/ioprio_set.2:170 build/C/man2/seteuid.2:80 build/C/man2/setgid.2:59 build/C/man2/setpgid.2:225 build/C/man2/setresuid.2:99 build/C/man2/setreuid.2:128 build/C/man2/setuid.2:105
+#: build/C/man2/capget.2:188 build/C/man7/cpuset.7:1180 build/C/man7/cpuset.7:1189 build/C/man7/cpuset.7:1198 build/C/man7/cpuset.7:1208 build/C/man7/cpuset.7:1217 build/C/man7/cpuset.7:1224 build/C/man7/cpuset.7:1231 build/C/man2/getgroups.2:114 build/C/man2/getgroups.2:121 build/C/man2/getpriority.2:118 build/C/man2/getrlimit.2:471 build/C/man2/getrusage.2:198 build/C/man2/iopl.2:72 build/C/man2/ioprio_set.2:170 build/C/man2/seteuid.2:80 build/C/man2/setgid.2:59 build/C/man2/setpgid.2:225 build/C/man2/setresuid.2:99 build/C/man2/setreuid.2:128 build/C/man2/setuid.2:105 build/C/man2/seccomp.2:373 build/C/man2/seccomp.2:380 build/C/man2/seccomp.2:387 build/C/man2/seccomp.2:393 build/C/man2/seccomp.2:402
#, no-wrap
msgid "B<EINVAL>"
msgstr ""
msgstr ""
#. type: TP
-#: build/C/man2/capget.2:215 build/C/man7/cpuset.7:1330 build/C/man2/getpriority.2:126 build/C/man2/getrlimit.2:495 build/C/man2/getsid.2:70 build/C/man2/ioprio_set.2:187 build/C/man2/setpgid.2:240
+#: build/C/man2/capget.2:215 build/C/man7/cpuset.7:1330 build/C/man2/getpriority.2:126 build/C/man2/getrlimit.2:502 build/C/man2/getsid.2:70 build/C/man2/ioprio_set.2:187 build/C/man2/setpgid.2:240 build/C/man2/seccomp.2:426
#, no-wrap
msgid "B<ESRCH>"
msgstr ""
msgstr ""
#. type: SH
-#: build/C/man7/cpuset.7:1352 build/C/man2/getpriority.2:225 build/C/man2/getrlimit.2:570 build/C/man2/ioprio_set.2:337 build/C/man2/setfsgid.2:106 build/C/man2/setfsuid.2:114
+#: build/C/man7/cpuset.7:1352 build/C/man2/getpriority.2:225 build/C/man2/getrlimit.2:577 build/C/man2/ioprio_set.2:337 build/C/man2/setfsgid.2:106 build/C/man2/setfsuid.2:114
#, no-wrap
msgid "BUGS"
msgstr ""
msgstr ""
#. type: SH
-#: build/C/man7/cpuset.7:1365 build/C/man2/getrlimit.2:703 build/C/man7/namespaces.7:361 build/C/man7/pid_namespaces.7:343 build/C/man7/user_namespaces.7:677
+#: build/C/man7/cpuset.7:1365 build/C/man2/getrlimit.2:710 build/C/man7/namespaces.7:361 build/C/man7/pid_namespaces.7:353 build/C/man7/user_namespaces.7:677 build/C/man2/seccomp.2:476
#, no-wrap
msgid "EXAMPLE"
msgstr ""
msgid "GETPID"
msgstr ""
+#. type: TH
+#: build/C/man2/getpid.2:25 build/C/man7/namespaces.7:27 build/C/man2/seteuid.2:29 build/C/man2/setgid.2:29 build/C/man2/setresuid.2:26 build/C/man2/setreuid.2:45 build/C/man2/setuid.2:30 build/C/man7/svipc.7:40 build/C/man7/user_namespaces.7:27
+#, no-wrap
+msgid "2014-09-21"
+msgstr ""
+
#. type: Plain text
#: build/C/man2/getpid.2:28
msgid "getpid, getppid - get process identification"
#. type: TH
#: build/C/man2/getrlimit.2:64
#, no-wrap
-msgid "2014-10-02"
+msgid "2015-01-22"
msgstr ""
#. type: Plain text
msgstr ""
#. type: Plain text
-#: build/C/man2/getrlimit.2:495
+#: build/C/man2/getrlimit.2:488
msgid ""
"An unprivileged process tried to raise the hard limit; the "
-"B<CAP_SYS_RESOURCE> capability is required to do this. Or, the caller tried "
-"to increase the hard B<RLIMIT_NOFILE> limit above the current kernel maximum "
-"(B<NR_OPEN>). Or, the calling process did not have permission to set limits "
+"B<CAP_SYS_RESOURCE> capability is required to do this."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/getrlimit.2:496
+msgid ""
+"The caller tried to increase the hard B<RLIMIT_NOFILE> limit above the "
+"maximum defined by I</proc/sys/fs/nr_open> (see B<proc>(5))"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/getrlimit.2:502
+msgid ""
+"(B<prlimit>()) The calling process did not have permission to set limits "
"for the process specified by I<pid>."
msgstr ""
#. type: Plain text
-#: build/C/man2/getrlimit.2:499
+#: build/C/man2/getrlimit.2:506
msgid "Could not find a process with the ID specified in I<pid>."
msgstr ""
#. type: Plain text
-#: build/C/man2/getrlimit.2:504
+#: build/C/man2/getrlimit.2:511
msgid ""
"The B<prlimit>() system call is available since Linux 2.6.36. Library "
"support is available since glibc 2.13."
msgstr ""
#. type: Plain text
-#: build/C/man2/getrlimit.2:508
+#: build/C/man2/getrlimit.2:515
msgid "B<getrlimit>(), B<setrlimit>(): SVr4, 4.3BSD, POSIX.1-2001."
msgstr ""
#. type: Plain text
-#: build/C/man2/getrlimit.2:511
+#: build/C/man2/getrlimit.2:518
msgid "B<prlimit>(): Linux-specific."
msgstr ""
#. type: Plain text
-#: build/C/man2/getrlimit.2:527
+#: build/C/man2/getrlimit.2:534
msgid ""
"B<RLIMIT_MEMLOCK> and B<RLIMIT_NPROC> derive from BSD and are not specified "
"in POSIX.1-2001; they are present on the BSDs and Linux, but on few other "
msgstr ""
#. type: Plain text
-#: build/C/man2/getrlimit.2:533
+#: build/C/man2/getrlimit.2:540
msgid ""
"A child process created via B<fork>(2) inherits its parent's resource "
"limits. Resource limits are preserved across B<execve>(2)."
msgstr ""
#. type: Plain text
-#: build/C/man2/getrlimit.2:538
+#: build/C/man2/getrlimit.2:545
msgid ""
"Lowering the soft limit for a resource below the process's current "
"consumption of that resource will succeed (but will prevent the process from "
msgstr ""
#. type: Plain text
-#: build/C/man2/getrlimit.2:547
+#: build/C/man2/getrlimit.2:554
msgid ""
"One can set the resource limits of the shell using the built-in I<ulimit> "
"command (I<limit> in B<csh>(1)). The shell's resource limits are inherited "
msgstr ""
#. type: Plain text
-#: build/C/man2/getrlimit.2:552
+#: build/C/man2/getrlimit.2:559
msgid ""
"Since Linux 2.6.24, the resource limits of any process can be inspected via "
"I</proc/[pid]/limits>; see B<proc>(5)."
msgstr ""
#. type: Plain text
-#: build/C/man2/getrlimit.2:561
+#: build/C/man2/getrlimit.2:568
msgid ""
"Ancient systems provided a B<vlimit>() function with a similar purpose to "
"B<setrlimit>(). For backward compatibility, glibc also provides "
msgstr ""
#. type: SS
-#: build/C/man2/getrlimit.2:561
+#: build/C/man2/getrlimit.2:568
#, no-wrap
msgid "C library/ kernel ABI differences"
msgstr ""
#. type: Plain text
-#: build/C/man2/getrlimit.2:570
+#: build/C/man2/getrlimit.2:577
msgid ""
"Since version 2.13, the glibc B<getrlimit>() and B<setrlimit>() wrapper "
"functions no longer invoke the corresponding system calls, but instead "
msgstr ""
#. type: Plain text
-#: build/C/man2/getrlimit.2:579
+#: build/C/man2/getrlimit.2:586
msgid ""
"In older Linux kernels, the B<SIGXCPU> and B<SIGKILL> signals delivered when "
"a process encountered the soft and hard B<RLIMIT_CPU> limits were delivered "
#. see http://marc.theaimsgroup.com/?l=linux-kernel&m=114008066530167&w=2
#. type: Plain text
-#: build/C/man2/getrlimit.2:587
+#: build/C/man2/getrlimit.2:594
msgid ""
"In 2.6.x kernels before 2.6.17, a B<RLIMIT_CPU> limit of 0 is wrongly "
"treated as \"no limit\" (like B<RLIM_INFINITY>). Since Linux 2.6.17, "
#. See https://lwn.net/Articles/145008/
#. type: Plain text
-#: build/C/man2/getrlimit.2:592
+#: build/C/man2/getrlimit.2:599
msgid ""
"A kernel bug means that B<RLIMIT_RTPRIO> does not work in kernel 2.6.12; the "
"problem is fixed in kernel 2.6.13."
#. see http://marc.theaimsgroup.com/?l=linux-kernel&m=112256338703880&w=2
#. type: Plain text
-#: build/C/man2/getrlimit.2:603
+#: build/C/man2/getrlimit.2:610
msgid ""
"In kernel 2.6.12, there was an off-by-one mismatch between the priority "
"ranges returned by B<getpriority>(2) and B<RLIMIT_NICE>. This had the "
#. Tested Solaris 10, FreeBSD 9, OpenBSD 5.0
#. FIXME . https://bugzilla.kernel.org/show_bug.cgi?id=50951
#. type: Plain text
-#: build/C/man2/getrlimit.2:630
+#: build/C/man2/getrlimit.2:637
msgid ""
"Since Linux 2.6.12, if a process reaches its soft B<RLIMIT_CPU> limit and "
"has a handler installed for B<SIGXCPU>, then, in addition to invoking the "
msgstr ""
#. type: Plain text
-#: build/C/man2/getrlimit.2:640
+#: build/C/man2/getrlimit.2:647
msgid ""
"Kernels before 2.4.22 did not diagnose the error B<EINVAL> for "
"B<setrlimit>() when I<rlim-E<gt>rlim_cur> was greater than "
msgstr ""
#. type: SS
-#: build/C/man2/getrlimit.2:640
+#: build/C/man2/getrlimit.2:647
#, no-wrap
msgid "Representation of \"large\" resource limit values on 32-bit platforms"
msgstr ""
#. https://bugzilla.kernel.org/show_bug.cgi?id=5042
#. http://sources.redhat.com/bugzilla/show_bug.cgi?id=12201
#. type: Plain text
-#: build/C/man2/getrlimit.2:671
+#: build/C/man2/getrlimit.2:678
msgid ""
"The glibc B<getrlimit>() and B<setrlimit>() wrapper functions use a 64-bit "
"I<rlim_t> data type, even on 32-bit platforms. However, the I<rlim_t> data "
msgstr ""
#. type: Plain text
-#: build/C/man2/getrlimit.2:681
+#: build/C/man2/getrlimit.2:688
msgid ""
"To work around this kernel limitation, if a program tried to set a resource "
"limit to a value larger than can be represented in a 32-bit I<unsigned "
msgstr ""
#. type: Plain text
-#: build/C/man2/getrlimit.2:683
+#: build/C/man2/getrlimit.2:690
msgid "This problem was addressed in Linux 2.6.36 with two principal changes:"
msgstr ""
#. type: Plain text
-#: build/C/man2/getrlimit.2:686
+#: build/C/man2/getrlimit.2:693
msgid ""
"the addition of a new kernel representation of resource limits that uses 64 "
"bits, even on 32-bit platforms;"
msgstr ""
#. type: Plain text
-#: build/C/man2/getrlimit.2:690
+#: build/C/man2/getrlimit.2:697
msgid ""
"the addition of the B<prlimit>() system call, which employs 64-bit values "
"for its resource limit arguments."
#. https://www.sourceware.org/bugzilla/show_bug.cgi?id=12201
#. type: Plain text
-#: build/C/man2/getrlimit.2:703
+#: build/C/man2/getrlimit.2:710
msgid ""
"Since version 2.13, glibc works around the limitations of the B<getrlimit>() "
"and B<setrlimit>() system calls by implementing B<setrlimit>() and "
msgstr ""
#. type: Plain text
-#: build/C/man2/getrlimit.2:706
+#: build/C/man2/getrlimit.2:713
msgid "The program below demonstrates the use of B<prlimit>()."
msgstr ""
#. type: Plain text
-#: build/C/man2/getrlimit.2:715
+#: build/C/man2/getrlimit.2:722
#, no-wrap
msgid ""
"#define _GNU_SOURCE\n"
msgstr ""
#. type: Plain text
-#: build/C/man2/getrlimit.2:718
+#: build/C/man2/getrlimit.2:725
#, no-wrap
msgid ""
"#define errExit(msg) \tdo { perror(msg); exit(EXIT_FAILURE); \\e\n"
msgstr ""
#. type: Plain text
-#: build/C/man2/getrlimit.2:725
+#: build/C/man2/getrlimit.2:732
#, no-wrap
msgid ""
"int\n"
msgstr ""
#. type: Plain text
-#: build/C/man2/getrlimit.2:731
+#: build/C/man2/getrlimit.2:738
#, no-wrap
msgid ""
" if (!(argc == 2 || argc == 4)) {\n"
msgstr ""
#. type: Plain text
-#: build/C/man2/getrlimit.2:733
+#: build/C/man2/getrlimit.2:740
#, no-wrap
msgid " pid = atoi(argv[1]); /* PID of target process */\n"
msgstr ""
#. type: Plain text
-#: build/C/man2/getrlimit.2:740
+#: build/C/man2/getrlimit.2:747
#, no-wrap
msgid ""
" newp = NULL;\n"
msgstr ""
#. type: Plain text
-#: build/C/man2/getrlimit.2:743
+#: build/C/man2/getrlimit.2:750
#, no-wrap
msgid ""
" /* Set CPU time limit of target process; retrieve and display\n"
msgstr ""
#. type: Plain text
-#: build/C/man2/getrlimit.2:748
+#: build/C/man2/getrlimit.2:755
#, no-wrap
msgid ""
" if (prlimit(pid, RLIMIT_CPU, newp, &old) == -1)\n"
msgstr ""
#. type: Plain text
-#: build/C/man2/getrlimit.2:750
+#: build/C/man2/getrlimit.2:757
#, no-wrap
msgid " /* Retrieve and display new CPU time limit */\n"
msgstr ""
#. type: Plain text
-#: build/C/man2/getrlimit.2:755
+#: build/C/man2/getrlimit.2:762
#, no-wrap
msgid ""
" if (prlimit(pid, RLIMIT_CPU, NULL, &old) == -1)\n"
msgstr ""
#. type: Plain text
-#: build/C/man2/getrlimit.2:758 build/C/man7/user_namespaces.7:829
+#: build/C/man2/getrlimit.2:765 build/C/man7/user_namespaces.7:829
#, no-wrap
msgid ""
" exit(EXIT_FAILURE);\n"
msgstr ""
#. type: Plain text
-#: build/C/man2/getrlimit.2:777
+#: build/C/man2/getrlimit.2:784
msgid ""
"B<prlimit>(1), B<dup>(2), B<fcntl>(2), B<fork>(2), B<getrusage>(2), "
"B<mlock>(2), B<mmap>(2), B<open>(2), B<quotactl>(2), B<sbrk>(2), "
#. type: Plain text
#: build/C/man2/ioprio_set.2:305
msgid ""
-"This is the idle scheduling class. Processes running at this level only get "
-"I/O time when no-one else needs the disk. The idle class has no class "
+"This is the idle scheduling class. Processes running at this level get I/O "
+"time only when no-one else needs the disk. The idle class has no class "
"data. Attention is required when assigning this priority class to a "
"process, since it may become starved if higher priority processes are "
"constantly accessing the disk."
msgid ""
"The I</proc/[pid]/mountstats> file (present since Linux 2.6.17) exports "
"information (statistics, configuration information) about the mount points "
-"in the process's mount namespace. This file is only readable by the owner "
+"in the process's mount namespace. This file is readable only by the owner "
"of the process. Lines in this file have the form:"
msgstr ""
msgstr ""
#. type: Plain text
-#: build/C/man7/namespaces.7:343 build/C/man7/namespaces.7:364 build/C/man7/pid_namespaces.7:346
+#: build/C/man7/namespaces.7:343 build/C/man7/namespaces.7:364 build/C/man7/pid_namespaces.7:356
msgid "See B<user_namespaces>(7)."
msgstr ""
msgstr ""
#. type: Plain text
-#: build/C/man7/namespaces.7:361 build/C/man7/pid_namespaces.7:343 build/C/man7/user_namespaces.7:648
+#: build/C/man7/namespaces.7:361 build/C/man7/pid_namespaces.7:353 build/C/man7/user_namespaces.7:648
msgid "Namespaces are a Linux-specific feature."
msgstr ""
msgid "PID_NAMESPACES"
msgstr ""
+#. type: TH
+#: build/C/man7/pid_namespaces.7:27 build/C/man2/seccomp.2:27
+#, no-wrap
+msgid "2015-01-10"
+msgstr ""
+
#. type: Plain text
#: build/C/man7/pid_namespaces.7:30
msgid "pid_namespaces - overview of Linux PID namespaces"
"associated with the namespace in which the process was created."
msgstr ""
-#
-#. ============================================================
#. type: Plain text
-#: build/C/man7/pid_namespaces.7:194
+#: build/C/man7/pid_namespaces.7:191
msgid ""
"Some processes in a PID namespace may have parents that are outside of the "
"namespace. For example, the parent of the initial process in the namespace "
"processes return 0."
msgstr ""
+#
+#. ============================================================
+#. type: Plain text
+#: build/C/man7/pid_namespaces.7:204
+msgid ""
+"While processes may freely descend into child PID namespaces (e.g., using "
+"B<setns>(2) with B<CLONE_NEWPID>), they may not move in the other "
+"direction. That is to say, processes may not enter any ancestor namespaces "
+"(parent, grandparent, etc.). Changing PID namespaces is a one way "
+"operation."
+msgstr ""
+
#. type: SS
-#: build/C/man7/pid_namespaces.7:194
+#: build/C/man7/pid_namespaces.7:204
#, no-wrap
msgid "setns(2) and unshare(2) semantics"
msgstr ""
#. type: Plain text
-#: build/C/man7/pid_namespaces.7:210
+#: build/C/man7/pid_namespaces.7:220
msgid ""
"Calls to B<setns>(2) that specify a PID namespace file descriptor and calls "
"to B<unshare>(2) with the B<CLONE_NEWPID> flag cause children subsequently "
msgstr ""
#. type: Plain text
-#: build/C/man7/pid_namespaces.7:218
+#: build/C/man7/pid_namespaces.7:228
msgid ""
"To put things another way: a process's PID namespace membership is "
"determined when the process is created and cannot be changed thereafter. "
msgstr ""
#. type: SS
-#: build/C/man7/pid_namespaces.7:218
+#: build/C/man7/pid_namespaces.7:228
#, no-wrap
msgid "Compatibility of CLONE_NEWPID with other CLONE_* flags"
msgstr ""
#. type: Plain text
-#: build/C/man7/pid_namespaces.7:223
+#: build/C/man7/pid_namespaces.7:233
msgid "B<CLONE_NEWPID> can't be combined with some other B<CLONE_*> flags:"
msgstr ""
#. type: Plain text
-#: build/C/man7/pid_namespaces.7:231
+#: build/C/man7/pid_namespaces.7:241
msgid ""
"B<CLONE_THREAD> requires being in the same PID namespace in order that the "
"threads in a process can send signals to each other. Similarly, it must be "
msgstr ""
#. type: Plain text
-#: build/C/man7/pid_namespaces.7:242
+#: build/C/man7/pid_namespaces.7:252
msgid ""
"B<CLONE_SIGHAND> requires being in the same PID namespace; otherwise the "
"process ID of the process sending a signal could not be meaningfully encoded "
msgstr ""
#. type: Plain text
-#: build/C/man7/pid_namespaces.7:252
+#: build/C/man7/pid_namespaces.7:262
msgid ""
"B<CLONE_VM> requires all of the threads to be in the same PID namespace, "
"because, from the point of view of a core dump, if two processes share the "
msgstr ""
#. type: Plain text
-#: build/C/man7/pid_namespaces.7:270
+#: build/C/man7/pid_namespaces.7:280
msgid ""
"To summarize: there is a technical requirement for each of B<CLONE_THREAD>, "
"B<CLONE_SIGHAND>, and B<CLONE_VM> to share a PID namespace. (Note "
msgstr ""
#. type: Plain text
-#: build/C/man7/pid_namespaces.7:274
+#: build/C/man7/pid_namespaces.7:284
#, no-wrap
msgid ""
" unshare(CLONE_NEWPID);\n"
msgstr ""
#. type: Plain text
-#: build/C/man7/pid_namespaces.7:277
+#: build/C/man7/pid_namespaces.7:287
#, no-wrap
msgid ""
" setns(fd, CLONE_NEWPID);\n"
msgstr ""
#. type: Plain text
-#: build/C/man7/pid_namespaces.7:280
+#: build/C/man7/pid_namespaces.7:290
#, no-wrap
msgid ""
" clone(..., CLONE_VM, ...);\n"
msgstr ""
#. type: Plain text
-#: build/C/man7/pid_namespaces.7:283
+#: build/C/man7/pid_namespaces.7:293
#, no-wrap
msgid ""
" clone(..., CLONE_VM, ...);\n"
#
#. ============================================================
#. type: SS
-#: build/C/man7/pid_namespaces.7:287
+#: build/C/man7/pid_namespaces.7:297
#, no-wrap
msgid "/proc and PID namespaces"
msgstr ""
#. type: Plain text
-#: build/C/man7/pid_namespaces.7:296
+#: build/C/man7/pid_namespaces.7:306
msgid ""
"A I</proc> filesystem shows (in the I</proc/PID> directories) only processes "
"visible in the PID namespace of the process that performed the mount, even "
msgstr ""
#. type: Plain text
-#: build/C/man7/pid_namespaces.7:315
+#: build/C/man7/pid_namespaces.7:325
msgid ""
"After creating a new PID namespace, it is useful for the child to change its "
"root directory and mount a new procfs instance at I</proc> so that tools "
msgstr ""
#. type: Plain text
-#: build/C/man7/pid_namespaces.7:319
+#: build/C/man7/pid_namespaces.7:329
msgid "From a shell, the command to mount I</proc> is:"
msgstr ""
#. type: Plain text
-#: build/C/man7/pid_namespaces.7:321
+#: build/C/man7/pid_namespaces.7:331
#, no-wrap
msgid " $ mount -t proc proc /proc\n"
msgstr ""
#
#. ============================================================
#. type: Plain text
-#: build/C/man7/pid_namespaces.7:333
+#: build/C/man7/pid_namespaces.7:343
msgid ""
"Calling B<readlink>(2) on the path I</proc/self> yields the process ID of "
"the caller in the PID namespace of the procfs mount (i.e., the PID namespace "
msgstr ""
#. type: SS
-#: build/C/man7/pid_namespaces.7:333 build/C/man7/user_namespaces.7:635
+#: build/C/man7/pid_namespaces.7:343 build/C/man7/user_namespaces.7:635
#, no-wrap
msgid "Miscellaneous"
msgstr ""
#. type: Plain text
-#: build/C/man7/pid_namespaces.7:341
+#: build/C/man7/pid_namespaces.7:351
msgid ""
"When a process ID is passed over a UNIX domain socket to a process in a "
"different PID namespace (see the description of B<SCM_CREDENTIALS> in "
msgstr ""
#. type: Plain text
-#: build/C/man7/pid_namespaces.7:355
+#: build/C/man7/pid_namespaces.7:365
msgid ""
"B<clone>(2), B<setns>(2), B<unshare>(2), B<proc>(5), B<credentials>(7), "
"B<capabilities>(7), B<user_namespaces>(7), B<switch_root>(8)"
#: build/C/man7/user_namespaces.7:306
msgid ""
"The B<mount>(2) flags B<MS_RDONLY>, B<MS_NOSUID>, B<MS_NOEXEC>, and the "
-"\"atime\" flags (B<MS_NOATIME>, B<MS_NODIRATIME>, B<MS_RELATIME)> settings "
+"\"atime\" flags (B<MS_NOATIME>, B<MS_NODIRATIME>, B<MS_RELATIME>) settings "
"become locked when propagated from a more privileged to a less privileged "
"mount namespace, and may not be changed in the less privileged mount "
"namespace."
msgstr ""
#. type: SS
-#: build/C/man7/user_namespaces.7:758
+#: build/C/man7/user_namespaces.7:758 build/C/man2/seccomp.2:574
#, no-wrap
msgid "Program source"
msgstr ""
#: build/C/man7/user_namespaces.7:1027
msgid "The kernel source file I<Documentation/namespaces/resource-control.txt>."
msgstr ""
+
+#. type: TH
+#: build/C/man2/seccomp.2:27
+#, no-wrap
+msgid "SECCOMP"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:30
+msgid "seccomp - operate on Secure Computing state of the process"
+msgstr ""
+
+#. Kees Cook noted: Anything that uses SECCOMP_RET_TRACE returns will
+#. need <sys/ptrace.h>
+#. type: Plain text
+#: build/C/man2/seccomp.2:39
+#, no-wrap
+msgid ""
+"B<#include E<lt>linux/seccomp.hE<gt>>\n"
+"B<#include E<lt>linux/filter.hE<gt>>\n"
+"B<#include E<lt>linux/audit.hE<gt>>\n"
+"B<#include E<lt>linux/signal.hE<gt>>\n"
+"B<#include E<lt>sys/ptrace.hE<gt>>\n"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:42
+#, no-wrap
+msgid ""
+"B<int seccomp(unsigned int >I<operation>B<, unsigned int >I<flags>B<, void "
+"*>I<args>B<);>\n"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:48
+msgid ""
+"The B<seccomp>() system call operates on the Secure Computing (seccomp) "
+"state of the calling process."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:52
+msgid "Currently, Linux supports the following I<operation> values:"
+msgstr ""
+
+#. type: TP
+#: build/C/man2/seccomp.2:52
+#, no-wrap
+msgid "B<SECCOMP_SET_MODE_STRICT>"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:66
+msgid ""
+"The only system calls that the calling thread is permitted to make are "
+"B<read>(2), B<write>(2), B<_exit>(2), and B<sigreturn>(2). Other system "
+"calls result in the delivery of a B<SIGKILL> signal. Strict secure "
+"computing mode is useful for number-crunching applications that may need to "
+"execute untrusted byte code, perhaps obtained by reading from a pipe or "
+"socket."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:70
+msgid ""
+"This operation is available only if the kernel is configured with "
+"B<CONFIG_SECCOMP> enabled."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:76
+msgid "The value of I<flags> must be 0, and I<args> must be NULL."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:78
+msgid "This operation is functionally identical to the call:"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:80
+#, no-wrap
+msgid " prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT);\n"
+msgstr ""
+
+#. type: TP
+#: build/C/man2/seccomp.2:80
+#, no-wrap
+msgid "B<SECCOMP_SET_MODE_FILTER>"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:95
+msgid ""
+"The system calls allowed are defined by a pointer to a Berkeley Packet "
+"Filter (BPF) passed via I<args>. This argument is a pointer to a I<struct\\ "
+"sock_fprog>; it can be designed to filter arbitrary system calls and system "
+"call arguments. If the filter is invalid, B<seccomp>() fails, returning "
+"B<EINVAL> in I<errno>."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:107
+msgid ""
+"If B<fork>(2) or B<clone>(2) is allowed by the filter, any child processes "
+"will be constrained to the same system call filters as the parent. If "
+"B<execve>(2) is allowed, the existing filters will be preserved across a "
+"call to B<execve>(2)."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:117
+msgid ""
+"In order to use the B<SECCOMP_SET_MODE_FILTER> operation, either the caller "
+"must have the B<CAP_SYS_ADMIN> capability, or the thread must already have "
+"the I<no_new_privs> bit set. If that bit was not already set by an ancestor "
+"of this thread, the thread must make the following call:"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:119
+#, no-wrap
+msgid " prctl(PR_SET_NO_NEW_PRIVS, 1);\n"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:138
+msgid ""
+"Otherwise, the B<SECCOMP_SET_MODE_FILTER> operation will fail and return "
+"B<EACCES> in I<errno>. This requirement ensures that an unprivileged "
+"process cannot apply a malicious filter and then invoke a set-user-ID or "
+"other privileged program using B<execve>(2), thus potentially compromising "
+"that program. (Such a malicious filter might, for example, cause an attempt "
+"to use B<setuid>(2) to set the caller's user IDs to non-zero values to "
+"instead return 0 without actually making the system call. Thus, the program "
+"might be tricked into retaining superuser privileges in circumstances where "
+"it is possible to influence it to do dangerous things because it did not "
+"actually drop privileges.)"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:146
+msgid ""
+"If B<prctl>(2) or B<seccomp>(2) is allowed by the attached filter, further "
+"filters may be added. This will increase evaluation time, but allows for "
+"further reduction of the attack surface during execution of a thread."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:152
+msgid ""
+"The B<SECCOMP_SET_MODE_FILTER> operation is available only if the kernel is "
+"configured with B<CONFIG_SECCOMP_FILTER> enabled."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:156
+msgid "When I<flags> is 0, this operation is functionally identical to the call:"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:158
+#, no-wrap
+msgid " prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, args);\n"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:162
+msgid "The recognized I<flags> are:"
+msgstr ""
+
+#. type: TP
+#: build/C/man2/seccomp.2:163
+#, no-wrap
+msgid "B<SECCOMP_FILTER_FLAG_TSYNC>"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:171
+msgid ""
+"When adding a new filter, synchronize all other threads of the calling "
+"process to the same seccomp filter tree. A \"filter tree\" is the ordered "
+"list of filters attached to a thread. (Attaching identical filters in "
+"separate B<seccomp>() calls results in different filters from this "
+"perspective.)"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:179
+msgid ""
+"If any thread cannot synchronize to the same filter tree, the call will not "
+"attach the new seccomp filter, and will fail, returning the first thread ID "
+"found that cannot synchronize. Synchronization will fail if another thread "
+"in the same process is in B<SECCOMP_MODE_STRICT> or if it has attached new "
+"seccomp filters to itself, diverging from the calling thread's filter tree."
+msgstr ""
+
+#. type: SS
+#: build/C/man2/seccomp.2:180
+#, no-wrap
+msgid "Filters"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:185
+msgid ""
+"When adding filters via B<SECCOMP_SET_MODE_FILTER>, I<args> points to a "
+"filter program:"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:193
+#, no-wrap
+msgid ""
+"struct sock_fprog {\n"
+" unsigned short len; /* Number of BPF instructions */\n"
+" struct sock_filter *filter; /* Pointer to array of\n"
+" BPF instructions */\n"
+"};\n"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:197
+msgid "Each program must contain one or more BPF instructions:"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:206
+#, no-wrap
+msgid ""
+"struct sock_filter { /* Filter block */\n"
+" __u16 code; /* Actual filter code */\n"
+" __u8 jt; /* Jump true */\n"
+" __u8 jf; /* Jump false */\n"
+" __u32 k; /* Generic multiuse field */\n"
+"};\n"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:213
+msgid ""
+"When executing the instructions, the BPF program operates on the system call "
+"information made available (i.e., use the B<BPF_ABS> addressing mode) as a "
+"buffer of the following form:"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:223
+#, no-wrap
+msgid ""
+"struct seccomp_data {\n"
+" int nr; /* System call number */\n"
+" __u32 arch; /* AUDIT_ARCH_* value\n"
+" (see E<lt>linux/audit.hE<gt>) */\n"
+" __u64 instruction_pointer; /* CPU instruction pointer */\n"
+" __u64 args[6]; /* Up to 6 system call arguments */\n"
+"};\n"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:234
+msgid ""
+"A seccomp filter returns a 32-bit value consisting of two parts: the most "
+"significant 16 bits (corresponding to the mask defined by the constant "
+"B<SECCOMP_RET_ACTION>) contain one of the \"action\" values listed below; "
+"the least significant 16-bits (defined by the constant B<SECCOMP_RET_DATA>) "
+"are \"data\" to be associated with this return value."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:242
+msgid ""
+"If multiple filters exist, they are all executed, in reverse order of their "
+"addition to the filter tree (i.e., the most recently installed filter is "
+"executed first). The return value for the evaluation of a given system call "
+"is the first-seen B<SECCOMP_RET_ACTION> value of highest precedence (along "
+"with its accompanying data) returned by execution of all of the filters."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:245
+msgid ""
+"In decreasing order of precedence, the values that may be returned by a "
+"seccomp filter are:"
+msgstr ""
+
+#. type: TP
+#: build/C/man2/seccomp.2:245
+#, no-wrap
+msgid "B<SECCOMP_RET_KILL>"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:254
+msgid ""
+"This value results in the process exiting immediately without executing the "
+"system call. The process terminates as though killed by a B<SIGSYS> signal "
+"(I<not> B<SIGKILL>)."
+msgstr ""
+
+#. type: TP
+#: build/C/man2/seccomp.2:254
+#, no-wrap
+msgid "B<SECCOMP_RET_TRAP>"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:264
+msgid ""
+"This value results in the kernel sending a B<SIGSYS> signal to the "
+"triggering process without executing the system call. Various fields will "
+"be set in the I<siginfo_t> structure (see B<sigaction>(2)) associated with "
+"signal:"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:269
+msgid "I<si_signo> will contain B<SIGSYS>."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:272
+msgid "I<si_call_addr> will show the address of the system call instruction."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:277
+msgid "I<si_syscall> and I<si_arch> will indicate which system call was attempted."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:281
+msgid "I<si_code> will contain B<SYS_SECCOMP>."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:286
+msgid ""
+"I<si_errno> will contain the B<SECCOMP_RET_DATA> portion of the filter "
+"return value."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:295
+msgid ""
+"The program counter will be as though the system call happened (i.e., it "
+"will not point to the system call instruction). The return value register "
+"will contain an architecture-dependent value; if resuming execution, set it "
+"to something appropriate for the system call. (The architecture dependency "
+"is because replacing it with B<ENOSYS> could overwrite some useful "
+"information.)"
+msgstr ""
+
+#. type: TP
+#: build/C/man2/seccomp.2:295
+#, no-wrap
+msgid "B<SECCOMP_RET_ERRNO>"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:302
+msgid ""
+"This value results in the B<SECCOMP_RET_DATA> portion of the filter's return "
+"value being passed to user space as the I<errno> value without executing the "
+"system call."
+msgstr ""
+
+#. type: TP
+#: build/C/man2/seccomp.2:302
+#, no-wrap
+msgid "B<SECCOMP_RET_TRACE>"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:312
+msgid ""
+"When returned, this value will cause the kernel to attempt to notify a "
+"B<ptrace>(2)-based tracer prior to executing the system call. If there is "
+"no tracer present, the system call is not executed and returns a failure "
+"status with I<errno> set to B<ENOSYS>."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:323
+msgid ""
+"A tracer will be notified if it requests B<PTRACE_O_TRACESECCOMP> using "
+"I<ptrace(PTRACE_SETOPTIONS)>. The tracer will be notified of a "
+"B<PTRACE_EVENT_SECCOMP> and the B<SECCOMP_RET_DATA> portion of the filter's "
+"return value will be available to the tracer via B<PTRACE_GETEVENTMSG>."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:330
+msgid ""
+"The tracer can skip the system call by changing the system call number to "
+"-1. Alternatively, the tracer can change the system call requested by "
+"changing the system call to a valid system call number. If the tracer asks "
+"to skip the system call, then the system call will appear to return the "
+"value that the tracer puts in the return value register."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:339
+msgid ""
+"The seccomp check will not be run again after the tracer is notified. (This "
+"means that seccomp-based sandboxes B<must not> allow use of "
+"B<ptrace>(2)\\(emeven of other sandboxed processes\\(emwithout extreme care; "
+"ptracers can use this mechanism to escape from the seccomp sandbox.)"
+msgstr ""
+
+#. type: TP
+#: build/C/man2/seccomp.2:339
+#, no-wrap
+msgid "B<SECCOMP_RET_ALLOW>"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:342
+msgid "This value results in the system call being executed."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:358
+msgid ""
+"On success, B<seccomp>() returns 0. On error, if "
+"B<SECCOMP_FILTER_FLAG_TSYNC> was used, the return value is the ID of the "
+"thread that caused the synchronization failure. (This ID is a kernel thread "
+"ID of the type returned by B<clone>(2) and B<gettid>(2).) On other errors, "
+"-1 is returned, and I<errno> is set to indicate the cause of the error."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:361
+msgid "B<seccomp>() can fail for the following reasons:"
+msgstr ""
+
+#. type: TP
+#: build/C/man2/seccomp.2:361
+#, no-wrap
+msgid "B<EACCESS>"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:369
+msgid ""
+"The caller did not have the B<CAP_SYS_ADMIN> capability, or had not set "
+"I<no_new_privs> before using B<SECCOMP_SET_MODE_FILTER>."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:373
+msgid "I<args> was not a valid address."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:380
+msgid "I<operation> is unknown; or I<flags> are invalid for the given I<operation>."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:387
+msgid ""
+"I<operation> included B<BPF_ABS>, but the specified offset was not aligned "
+"to a 32-bit boundary or exceeded I<sizeof(struct\\ seccomp_data)>."
+msgstr ""
+
+#. See kernel/seccomp.c::seccomp_may_assign_mode() in 3.18 sources
+#. type: Plain text
+#: build/C/man2/seccomp.2:393
+msgid ""
+"A secure computing mode has already been set, and I<operation> differs from "
+"the existing setting."
+msgstr ""
+
+#. See stub kernel/seccomp.c::seccomp_set_mode_filter() in 3.18 sources
+#. type: Plain text
+#: build/C/man2/seccomp.2:402
+msgid ""
+"I<operation> specified B<SECCOMP_SET_MODE_FILTER>, but the kernel was not "
+"built with B<CONFIG_SECCOMP_FILTER> enabled."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:413
+msgid ""
+"I<operation> specified B<SECCOMP_SET_MODE_FILTER>, but the filter program "
+"pointed to by I<args> was not valid or the length of the filter program was "
+"zero or exceeded B<BPF_MAXINSNS> (4096) instructions. B<EINVAL>"
+msgstr ""
+
+#. ENOMEM in kernel/seccomp.c::seccomp_attach_filter() in 3.18 sources
+#. type: Plain text
+#: build/C/man2/seccomp.2:426
+msgid ""
+"The total length of all filter programs attached to the calling thread would "
+"exceed B<MAX_INSNS_PER_PATH> (32768) instructions. Note that for the "
+"purposes of calculating this limit, each already existing filter program "
+"incurs an overhead penalty of 4 instructions."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:430
+msgid ""
+"Another thread caused a failure during thread sync, but its ID could not be "
+"determined."
+msgstr ""
+
+#. FIXME . Add glibc version
+#. type: Plain text
+#: build/C/man2/seccomp.2:435
+msgid "The B<seccomp>() system call first appeared in Linux 3.17."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:439
+msgid "The B<seccomp>() system call is a nonstandard Linux extension."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:446
+msgid ""
+"The I<Seccomp> field of the I</proc/[pid]/status> file provides a method of "
+"viewing the seccomp mode of a process; see B<proc>(5)."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:453
+msgid ""
+"B<seccomp>() provides a superset of the functionality provided by the "
+"B<prctl>(2) B<PR_SET_SECCOMP> operation (which does not support I<flags>)."
+msgstr ""
+
+#. type: SS
+#: build/C/man2/seccomp.2:453
+#, no-wrap
+msgid "Seccomp-specific BPF details"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:455
+msgid "Note the following BPF details specific to seccomp filters:"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:463
+msgid ""
+"The B<BPF_H> and B<BPF_B> size modifiers are not supported: all operations "
+"must load and store (4-byte) words (B<BPF_W>)."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:469
+msgid ""
+"To access the contents of the I<seccomp_data> buffer, use the B<BPF_ABS> "
+"addressing mode modifier."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:476
+msgid ""
+"The B<BPF_LEN> addressing mode modifier yields an immediate mode operand "
+"whose value is the size of the I<seccomp_data> buffer."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:482
+msgid ""
+"The program below accepts four or more arguments. The first three arguments "
+"are a system call number, a numeric architecture identifier, and an error "
+"number. The program uses these values to construct a BPF filter that is "
+"used at run time to perform the following checks:"
+msgstr ""
+
+#. type: IP
+#: build/C/man2/seccomp.2:482
+#, no-wrap
+msgid "[1]"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:486
+msgid ""
+"If the program is not running on the specified architecture, the BPF filter "
+"causes system calls to fail with the error B<ENOSYS>."
+msgstr ""
+
+#. type: IP
+#: build/C/man2/seccomp.2:486
+#, no-wrap
+msgid "[2]"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:491
+msgid ""
+"If the program attempts to execute the system call with the specified "
+"number, the BPF filter causes the system call to fail, with I<errno> being "
+"set to the specified error number."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:500
+msgid ""
+"The remaining command-line arguments specify the pathname and additional "
+"arguments of a program that the example program should attempt to execute "
+"using B<execve>(3) (a library function that employs the B<execve>(2) "
+"system call). Some example runs of the program are shown below."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:504
+msgid ""
+"First, we display the architecture that we are running on (x86-64) and then "
+"construct a shell function that looks up system call numbers on this "
+"architecture:"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:513
+#, no-wrap
+msgid ""
+"$ B<uname -m>\n"
+"x86_64\n"
+"$ B<syscall_nr() {\n"
+" cat /usr/src/linux/arch/x86/syscalls/syscall_64.tbl | \\e\n"
+" awk '$2 != \"x32\" && $3 == \"'$1'\" { print $1 }'\n"
+"}>\n"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:520
+msgid ""
+"When the BPF filter rejects a system call (case [2] above), it causes the "
+"system call to fail with the error number specified on the command line. In "
+"the experiments shown here, we'll use error number 99:"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:525
+#, no-wrap
+msgid ""
+"$ B<errno 99>\n"
+"EADDRNOTAVAIL 99 Cannot assign requested address\n"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:533
+msgid ""
+"In the following example, we attempt to run the command B<whoami>(1), but "
+"the BPF filter rejects the B<execve>(2) system call, so that the command is "
+"not even executed:"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:544
+#, no-wrap
+msgid ""
+"$ B<syscall_nr execve>\n"
+"59\n"
+"$ B<./a.out>\n"
+"Usage: ./a.out E<lt>syscall_nrE<gt> E<lt>archE<gt> E<lt>errnoE<gt> "
+"E<lt>progE<gt> [E<lt>argsE<gt>]\n"
+"Hint for E<lt>archE<gt>: AUDIT_ARCH_I386: 0x40000003\n"
+" AUDIT_ARCH_X86_64: 0xC000003E\n"
+"$ B<./a.out 59 0xC000003E 99 /bin/whoami>\n"
+"execv: Cannot assign requested address\n"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:552
+msgid ""
+"In the next example, the BPF filter rejects the B<write>(2) system call, so "
+"that, although it is successfully started, the B<whoami>(1) command is not "
+"able to write output:"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:558
+#, no-wrap
+msgid ""
+"$ B<syscall_nr write>\n"
+"1\n"
+"$ B<./a.out 1 0xC000003E 99 /bin/whoami>\n"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:565
+msgid ""
+"In the final example, the BPF filter rejects a system call that is not used "
+"by the B<whoami>(1) command, so it is able to successfully execute and "
+"produce output:"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:572
+#, no-wrap
+msgid ""
+"$ B<syscall_nr preadv>\n"
+"295\n"
+"$ B<./a.out 295 0xC000003E 99 /bin/whoami>\n"
+"cecilia\n"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:586
+#, no-wrap
+msgid ""
+"#include E<lt>errno.hE<gt>\n"
+"#include E<lt>stddef.hE<gt>\n"
+"#include E<lt>stdio.hE<gt>\n"
+"#include E<lt>stdlib.hE<gt>\n"
+"#include E<lt>unistd.hE<gt>\n"
+"#include E<lt>linux/audit.hE<gt>\n"
+"#include E<lt>linux/filter.hE<gt>\n"
+"#include E<lt>linux/seccomp.hE<gt>\n"
+"#include E<lt>sys/prctl.hE<gt>\n"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:595
+#, no-wrap
+msgid ""
+"static int\n"
+"install_filter(int syscall_nr, int t_arch, int f_errno)\n"
+"{\n"
+" struct sock_filter filter[] = {\n"
+" /* [0] Load architecture from 'seccomp_data' buffer into\n"
+" accumulator */\n"
+" BPF_STMT(BPF_LD | BPF_W | BPF_ABS,\n"
+" (offsetof(struct seccomp_data, arch))),\n"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:599
+#, no-wrap
+msgid ""
+" /* [1] Jump forward 4 instructions if architecture does not\n"
+" match 't_arch' */\n"
+" BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, t_arch, 0, 4),\n"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:604
+#, no-wrap
+msgid ""
+" /* [2] Load system call number from 'seccomp_data' buffer into\n"
+" accumulator */\n"
+" BPF_STMT(BPF_LD | BPF_W | BPF_ABS,\n"
+" (offsetof(struct seccomp_data, nr))),\n"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:608
+#, no-wrap
+msgid ""
+" /* [3] Jump forward 1 instruction if system call number\n"
+" does not match 'syscall_nr' */\n"
+" BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, syscall_nr, 0, 1),\n"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:613
+#, no-wrap
+msgid ""
+" /* [4] Matching architecture and system call: don't execute\n"
+"\t the system call, and return 'f_errno' in 'errno' */\n"
+" BPF_STMT(BPF_RET | BPF_K,\n"
+" SECCOMP_RET_ERRNO | (f_errno & SECCOMP_RET_DATA)),\n"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:617
+#, no-wrap
+msgid ""
+" /* [5] Destination of system call number mismatch: allow other\n"
+" system calls */\n"
+" BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),\n"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:621
+#, no-wrap
+msgid ""
+" /* [6] Destination of architecture mismatch: kill process */\n"
+" BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),\n"
+" };\n"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:626
+#, no-wrap
+msgid ""
+" struct sock_fprog prog = {\n"
+" .len = (unsigned short) (sizeof(filter) / sizeof(filter[0])),\n"
+" .filter = filter,\n"
+" };\n"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:631
+#, no-wrap
+msgid ""
+" if (seccomp(SECCOMP_SET_MODE_FILTER, 0, &prog)) {\n"
+" perror(\"seccomp\");\n"
+" return 1;\n"
+" }\n"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:634
+#, no-wrap
+msgid ""
+" return 0;\n"
+"}\n"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:646
+#, no-wrap
+msgid ""
+"int\n"
+"main(int argc, char **argv)\n"
+"{\n"
+" if (argc E<lt> 5) {\n"
+" fprintf(stderr, \"Usage: \"\n"
+" \"%s E<lt>syscall_nrE<gt> E<lt>archE<gt> E<lt>errnoE<gt> "
+"E<lt>progE<gt> [E<lt>argsE<gt>]\\en\"\n"
+" \"Hint for E<lt>archE<gt>: AUDIT_ARCH_I386: 0x%X\\en\"\n"
+" \" AUDIT_ARCH_X86_64: 0x%X\\en\"\n"
+" \"\\en\", argv[0], AUDIT_ARCH_I386, AUDIT_ARCH_X86_64);\n"
+" exit(EXIT_FAILURE);\n"
+" }\n"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:651
+#, no-wrap
+msgid ""
+" if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) {\n"
+" perror(\"prctl\");\n"
+" exit(EXIT_FAILURE);\n"
+" }\n"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:656
+#, no-wrap
+msgid ""
+" if (install_filter(strtol(argv[1], NULL, 0),\n"
+" strtol(argv[2], NULL, 0),\n"
+" strtol(argv[3], NULL, 0)))\n"
+" exit(EXIT_FAILURE);\n"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:661
+#, no-wrap
+msgid ""
+" execv(argv[4], &argv[4]);\n"
+" perror(\"execv\");\n"
+" exit(EXIT_FAILURE);\n"
+"}\n"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:668
+msgid "B<prctl>(2), B<ptrace>(2), B<sigaction>(2), B<signal>(7), B<socket>(7)"
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:673
+msgid ""
+"The kernel source files I<Documentation/networking/filter.txt> and "
+"I<Documentation/prctl/seccomp_filter.txt>."
+msgstr ""
+
+#. type: Plain text
+#: build/C/man2/seccomp.2:679
+msgid ""
+"McCanne, S. and Jacobson, V. (1992) I<The BSD Packet Filter: A New "
+"Architecture for User-level Packet Capture>, Proceedings of the USENIX "
+"Winter 1993 Conference E<.UR http://www.tcpdump.org/papers/bpf-usenix93.pdf> "
+"E<.UE>"
+msgstr ""
OSDN Git Service
