doc: Add documentation for max kernel version attributes

Add documentation for SCMP_FLTATR_ACT_UNKNOWN and SCMP_FLTATR_CTL_KVER.

Signed-off-by: Tom Hromatka <[email protected]>

Author: drakenclimber

doc/man/man3/seccomp_attr_set.3

@@ -138,6 +138,18 @@ A flag to specify if libseccomp should request wait killable semantics when
 possible.  Defaults to off
 .RI ( value
 == 0).
+.TP
+.B SCMP_FLTATR_ACT_ENOSYS
+Action to take when an unknown (too new) syscall is invoked.  Used in
+conjunction with SCMP_FLTATR_CTL_KVER.  Defaults to SCMP_ACT_ERRNO(38)
+(ENOSYS).  If desired behavior differs from the default, then this attribute
+must be set prior to setting SCMP_FLTATR_CTL_KVERMAX.
+.TP
+.B SCMP_FLTATR_CTL_KVERMAX
+Maximum kernel version understood by the user application.  Syscalls from
+newer kernel versions will return with the action in SCMP_FLTATR_ACT_ENOSYS.
+Once SCMP_FLTATR_CTL_KVERMAX is set, no more rules can be added to the
+filter.  Attempting to add more rules will result in -EINVAL.
 .\" //////////////////////////////////////////////////////////////////////////
 .SH RETURN VALUE
 .\" //////////////////////////////////////////////////////////////////////////