1 files changed, 133 insertions, 0 deletions
diff --git a/doc/man/man3/seccomp_syscall_resolve_name.3 b/doc/man/man3/seccomp_syscall_resolve_name.3
new file mode 100644
index 0000000..3c0f789
--- /dev/null
+++ b/doc/man/man3/seccomp_syscall_resolve_name.3
@@ -0,0 +1,133 @@
+.TH "seccomp_syscall_resolve_name" 3 "8 May 2014" "paul@paul-moore.com" "libseccomp Documentation"
+.\" //////////////////////////////////////////////////////////////////////////
+.SH NAME
+.\" //////////////////////////////////////////////////////////////////////////
+seccomp_syscall_resolve_name \- Resolve a syscall name
+.\" //////////////////////////////////////////////////////////////////////////
+.SH SYNOPSIS
+.\" //////////////////////////////////////////////////////////////////////////
+.nf
+.B #include <seccomp.h>
+.sp
+.BI "int seccomp_syscall_resolve_name(const char *" name ");"
+.BI "int seccomp_syscall_resolve_name_arch(uint32_t " arch_token ","
+.BI "                                      const char *" name ");"
+.BI "int seccomp_syscall_resolve_name_rewrite(uint32_t " arch_token ","
+.BI "                                         const char *" name ");"
+.BI "char *seccomp_syscall_resolve_num_arch(uint32_t " arch_token ", int " num ");"
+.sp
+Link with \fI\-lseccomp\fP.
+.fi
+.\" //////////////////////////////////////////////////////////////////////////
+.SH DESCRIPTION
+.\" //////////////////////////////////////////////////////////////////////////
+.P
+The
+.BR seccomp_syscall_resolve_name() ,
+.BR seccomp_syscall_resolve_name_arch() ,
+and
+.BR seccomp_syscall_resolve_name_rewrite()
+functions resolve the commonly used syscall name to the syscall number used by
+the kernel and the rest of the libseccomp API, with
+.BR seccomp_syscall_resolve_name_rewrite()
+rewriting the syscall number for architectures that modify the syscall.  Syscall
+rewriting typically happens in case of a multiplexed syscall, like
+.BR socketcall (2)
+or
+.BR ipc (2)
+on x86.
+.BR seccomp_syscall_resolve_num_arch()
+function resolves the syscall number used by the kernel to the commonly used
+syscall name.
+.P
+The caller is responsible for freeing the returned string from
+.BR seccomp_syscall_resolve_num_arch() .
+.\" //////////////////////////////////////////////////////////////////////////
+.SH RETURN VALUE
+.\" //////////////////////////////////////////////////////////////////////////
+.P
+In the case of
+.BR seccomp_syscall_resolve_name() ,
+.BR seccomp_syscall_resolve_name_arch() ,
+and
+.BR seccomp_syscall_resolve_name_rewrite()
+the associated syscall number is returned, with the negative pseudo syscall
+number being returned in cases where the given syscall does not exist for the
+architecture.  The value
+.BR __NR_SCMP_ERROR
+is returned in case of error.  In all cases, the return value is suitable for
+use in any libseccomp API function which requires the syscall number, examples include
+.BR seccomp_rule_add ()
+and
+.BR seccomp_rule_add_exact ().
+.P
+In the case of
+.BR seccomp_syscall_resolve_num_arch()
+the associated syscall name is returned and it remains the callers
+responsibility to free the returned string via
+.BR free (3).
+.\" //////////////////////////////////////////////////////////////////////////
+.SH EXAMPLES
+.\" //////////////////////////////////////////////////////////////////////////
+.nf
+#include <seccomp.h>
+
+int main(int argc, char *argv[])
+{
+	int rc = \-1;
+	scmp_filter_ctx ctx;
+
+	ctx = seccomp_init(SCMP_ACT_KILL);
+	if (ctx == NULL)
+		goto out;
+
+	/* ... */
+
+	rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW,
+	                      seccomp_syscall_resolve_name("open"), 0);
+	if (rc < 0)
+		goto out;
+
+	/* ... */
+
+	rc = seccomp_load(ctx);
+	if (rc < 0)
+		goto out;
+
+	/* ... */
+
+out:
+	seccomp_release(ctx);
+	return \-rc;
+}
+.fi
+.\" //////////////////////////////////////////////////////////////////////////
+.SH NOTES
+.\" //////////////////////////////////////////////////////////////////////////
+.P
+In case of bare syscalls implemented on top of a multiplexed syscall,
+.BR seccomp_syscall_resolve_name()
+and
+.BR seccomp_syscall_resolve_name_arch()
+can be used to verify if a bare syscall is implemented for a specific
+architecture, while
+.BR seccomp_syscall_resolve_name_rewrite()
+can be used to determine the underlying multiplexed syscall.
+.P
+While the seccomp filter can be generated independent of the kernel, kernel
+support is required to load and enforce the seccomp filter generated by
+libseccomp.
+.P
+The libseccomp project site, with more information and the source code
+repository, can be found at https://github.com/seccomp/libseccomp.  This tool,
+as well as the libseccomp library, is currently under development, please
+report any bugs at the project site or directly to the author.
+.\" //////////////////////////////////////////////////////////////////////////
+.SH AUTHOR
+.\" //////////////////////////////////////////////////////////////////////////
+Paul Moore <paul@paul-moore.com>
+.\" //////////////////////////////////////////////////////////////////////////
+.SH SEE ALSO
+.\" //////////////////////////////////////////////////////////////////////////
+.BR seccomp_rule_add (3),
+.BR seccomp_rule_add_exact (3)