Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   11224 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

seccomp_syscall_priority(3)libseccomp Documentationseccomp_syscall_priority(3)

NAME
       seccomp_syscall_priority - Prioritize syscalls in the seccomp filter

SYNOPSIS
       #include <seccomp.h>

       typedef void * scmp_filter_ctx;

       int SCMP_SYS(syscall_name);

       int seccomp_syscall_priority(scmp_filter_ctx ctx,
				    int syscall, uint8_t priority);

       Link with -lseccomp.

DESCRIPTION
       The seccomp_syscall_priority() function provides a priority hint to the
       seccomp filter  generator  in  libseccomp  such	that  higher  priority
       syscalls	 are  placed  earlier  in the seccomp filter code so that they
       incur less overhead at the  expense  of	lower  priority	 syscalls.   A
       syscall's  priority  can	 be  set  regardless of if any rules currently
       exist for that syscall; the library will remember the priority  and  it
       will  be assigned to the syscall if and when a rule for that syscall is
       created.

       While it is possible to specify the syscall value  directly  using  the
       standard	 __NR_syscall  values,	in  order  to  ensure proper operation
       across multiple architectures it	 is  highly  recommended  to  use  the
       SCMP_SYS() macro instead.  See the EXAMPLES section below.

       The  priority  parameter	 takes	an 8-bit value ranging from 0 - 255; a
       higher value represents a higher priority.

       The filter context ctx is the  value  returned  by  the	call  to  sec‐
       comp_init().

RETURN VALUE
       The  seccomp_syscall_priority() function returns zero on success, nega‐
       tive errno values on failure.  The SCMP_SYS()  macro  returns  a	 value
       suitable for use as the syscall value in seccomp_syscall_priority().

EXAMPLES
       #include <seccomp.h>

       int main(int argc, char *argv[])
       {
	    int rc = -1;
	    scmp_filter_ctx ctx;

	    ctx = seccomp_init(SCMP_ACT_KILL);
	    if (ctx == NULL)
		 goto out;

	    /* ... */

	    rc = seccomp_syscall_priority(ctx, SCMP_SYS(read), 200);
	    if (rc < 0)
		 goto out;

	    /* ... */

       out:
	    seccomp_release(ctx);
	    return -rc;
       }

NOTES
       While  the  seccomp  filter can be generated independent of the kernel,
       kernel support is required to load and enforce the seccomp filter  gen‐
       erated by libseccomp.

       The  libseccomp project site, with more information and the source code
       repository, can be found at http://libseccomp.sf.net.  This library  is
       currently under development, please report any bugs at the project site
       or directly to the author.

AUTHOR
       Paul Moore <paul@paul-moore.com>

SEE ALSO
       seccomp_rule_add(3), seccomp_rule_add_exact(3)

paul@paul-moore.com		 25 July 2012	   seccomp_syscall_priority(3)

Vote for polarhome