seccomp_notify_alloc(3) — Linux manual page


seccomp_notify_alloc(3)       libseccomp Documentation       seccomp_notify_alloc(3)

NAME

       seccomp_notify_alloc, seccomp_notify_free, seccomp_notify_receive,
       seccomp_notify_respond, seccomp_notify_id_valid, seccomp_notify_fd
       - Manage seccomp notifications

SYNOPSIS

       #include <seccomp.h>

       int seccomp_notify_alloc(struct seccomp_notif **req,
                                struct seccomp_notif_resp **resp)
       void seccomp_notify_free(struct seccomp_notif *req,
                                struct seccomp_notif_resp *resp)
       int seccomp_notify_receive(int fd, struct seccomp_notif *req)
       int seccomp_notify_respond(int fd, struct seccomp_notif_resp *resp)
       int seccomp_notify_id_valid(int fd, uint64_t id)
       int seccomp_notify_fd(const scmp_filter_ctx ctx)

       Link with -lseccomp.

DESCRIPTION

       The seccomp_notify_alloc() function dynamically allocates enough
       memory for a seccomp notification and response.  Note that one
       should always use these functions and not depend on the structure
       sizes in headers, since the size can vary depending on the kernel
       version.  This function takes care to ask the kernel how big each
       structure should be, and allocates the right amount of memory.

       The seccomp_notify_free() function frees memory allocated by
       seccomp_notify_alloc().

       The seccomp_notify_receive() function receives a notification from
       a seccomp notify fd (obtained from seccomp_notify_fd()).

       The seccomp_notify_respond() function sends a response to a
       particular notification.  The id field should be the same as the id
       from the request, so that the kernel knows which request this
       response corresponds to.

       The seccomp_notify_id_valid() function checks to see if the
       syscall from a particular notification request is still valid,
       i.e. if the task is still alive.  See NOTES below for details on
       race conditions.

       The seccomp_notify_fd() function returns the notification fd of a
       filter after it has been loaded.

RETURN VALUE

       The seccomp_notify_fd() function returns the notification fd of the
       loaded filter, -1 if a notification fd has not yet been created, and
       -EINVAL if the filter context is invalid.

       The seccomp_notify_id_valid() function returns 0 if the id is valid,
       and -ENOENT if it is not.

       The seccomp_notify_alloc(), seccomp_notify_receive(), and
       seccomp_notify_respond() functions return zero on success, or one
       of the following error codes on failure:

       -ECANCELED
              There was a system failure beyond the control of the
              library, check the errno value for more information.

       -EFAULT
              Internal libseccomp failure.

       -ENOMEM
              The library was unable to allocate enough memory.

       -EOPNOTSUPP
              The library doesn't support the particular operation.

NOTES

       Care should be taken to avoid two different time of check/time of
       use errors.  First, after opening any resources relevant to the
       pid for a notification (e.g. /proc/pid/mem for reading tracee
       memory to make policy decisions), applications should call
       seccomp_notify_id_valid() to make sure that the resources the
       application has opened correspond to the right pid, i.e. that the
       pid did not die with a different task taking its place.

       Second, the classic time of check/time of use issue with seccomp
       memory should also be avoided: applications should copy any memory
       they wish to use to make decisions from the tracee into their own
       address space before applying any policy decisions, since a multi-
       threaded tracee may edit the memory at any time, including after
       it's used to make a policy decision.

       A complete example of how to avoid these two races is available in
       the Linux Kernel source tree at /samples/seccomp/user-trap.c.

AUTHOR

       Tycho Andersen <tycho@tycho.ws>

COLOPHON

       This page is part of the libseccomp (high-level API to the Linux
       Kernel's seccomp filter) project.  Information about the project
       can be found at ⟨https://github.com/seccomp/libseccomp⟩.  If you
       have a bug report for this manual page, see
       ⟨https://groups.google.com/d/forum/libseccomp⟩.  This page was
       obtained from the project's upstream Git repository
       ⟨https://github.com/seccomp/libseccomp⟩ on 2025-08-11.  (At that
       time, the date of the most recent commit that was found in the
       repository was 2025-05-09.)  If you discover any rendering
       problems in this HTML version of the page, or you believe there is
       a better or more up-to-date source for the page, or you have
       corrections or improvements to the information in this COLOPHON
       (which is not part of the original manual page), send a mail to
       man-pages@man7.org

tycho@tycho.ws                    30 May 2020          seccomp_notify_alloc(3)

Pages that refer to this page: seccomp_init(3), seccomp_rule_add(3)



HTML rendering created 2025-09-06 by Michael Kerrisk, author of The Linux Programming Interface.