PR_SET_SECCOMP - set the secure computing mode

NAME LIBRARY SYNOPSIS DESCRIPTION RETURN VALUE ERRORS STANDARDS HISTORY SEE ALSO

NAME

PR_SET_SECCOMP − set the secure computing mode

SYNOPSIS

#include <linux/prctl.h> /* Definition of PR_* constants */
#include <sys/prctl.h>

[[deprecated]]
int prctl(PR_SET_SECCOMP, long mode, ...);

[[deprecated]]
int prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT);
[[deprecated]]
int prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER,
struct sock_fprog *filter);

Set the secure computing (seccomp) mode for the calling thread, to limit the available system calls. The more recent seccomp(2) system call provides a superset of the functionality of PR_SET_SECCOMP, and is the preferred interface for new applications.

The seccomp mode is selected via mode. The seccomp constants are defined in <linux/seccomp.h>. The following values can be specified:
SECCOMP_MODE_STRICT (since Linux 2.6.23)

See the description of SECCOMP_SET_MODE_STRICT in seccomp(2).

This operation is available only if the kernel is configured with CONFIG_SECCOMP enabled.

SECCOMP_MODE_FILTER (since Linux 3.5)

The allowed system calls are defined by a pointer to a Berkeley Packet Filter passed in filter. It can be designed to filter arbitrary system calls and system call arguments. See the description of SECCOMP_SET_MODE_FILTER in seccomp(2).

This operation is available only if the kernel is configured with CONFIG_SECCOMP_FILTER enabled.

RETURN VALUE

On success, 0 is returned. On error, −1 is returned, and errno is set to indicate the error.

ERRORS

	EACCES		mode is SECCOMP_MODE_FILTER, but the process does not have the CAP_SYS_ADMIN capability or has not set the no_new_privs attribute (see PR_SET_NO_NEW_PRIVS(2const)).
	EFAULT		mode is SECCOMP_MODE_FILTER, and filter is an invalid address.
	EINVAL		mode is not a valid value.
	EINVAL		The kernel was not configured with CONFIG_SECCOMP.
	EINVAL		mode is SECCOMP_MODE_FILTER, and the kernel was not configured with CONFIG_SECCOMP_FILTER.

STANDARDS

Linux.

HISTORY

Linux 2.6.23.