PR_GET_SECCOMP(2) System Calls Manual PR_GET_SECCOMP(2)

PR_GET_SECCOMP - get the secure computing mode

Standard C library (libc, -lc)

#include <linux/prctl.h>  /* Definition of PR_* constants */
#include <sys/prctl.h>
int prctl(PR_GET_SECCOMP);

Return the secure computing mode of the calling thread.

If the caller is not in secure computing mode, this operation returns 0; if the caller is in strict secure computing mode, then the prctl() call will cause a SIGKILL signal to be sent to the process. If the caller is in filter mode, and this system call is allowed by the seccomp filters, it returns 2; otherwise, the process is killed with a SIGKILL signal.

This operation is available only if the kernel is configured with CONFIG_SECCOMP enabled.

On success, this call returns the nonnegative value described above. On error, -1 is returned, and errno is set to indicate the error; or the process is killed.

The kernel was not configured with CONFIG_SECCOMP.
The caller is in strict secure computing mode.
The caller is in filter mode, and this system call is not allowed by the seccomp filters.

/proc/pid/status
Since Linux 3.8, the Seccomp field of this file provides a method of obtaining the same information, without the risk that the process is killed; see proc_pid_status(5).

Linux.

Linux 2.6.23.

prctl(2), PR_SET_SECCOMP(2const), seccomp(2)

2024-06-02 Linux man-pages 6.9.1