Skip to content

Commit

Permalink
Clarify how to unconditionally match a syscall
Browse files Browse the repository at this point in the history 
This information is available elsewhere, but this seems like a useful
place to write it as well (especially for someone coming from the
`libseccomp` API, which doesn’t separate rules by syscall number in its
public API the way `seccompiler` does).

Signed-off-by: Christopher Head <chead@chead.ca>
  • Loading branch information
@Hawk777 @petreeftime
Hawk777 authored and petreeftime committed Mar 18, 2024
1 parent 2d373ef commit 9d0b55c
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion src/backend/rule.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,9 @@ pub struct SeccompRule {
}

impl SeccompRule {
/// Creates a new rule. Rules with 0 conditions are not allowed.
/// Creates a new rule. Rules with 0 conditions are not allowed; to match a syscall regardless
/// of argument values, map the syscall number to an empty vector of rules when constructing
/// the [`SeccompFilter`](super::SeccompFilter) instead.
///
/// # Arguments
///
Expand Down

0 comments on commit 9d0b55c

Please sign in to comment.