On October 30, 2023 6:24:02 PM PDT, Hengqi Chen <hengqi.chen@xxxxxxxxx> wrote: >This adds minimal support for seccomp eBPF programs >which can be hooked into the existing seccomp framework. >This allows users to write seccomp filter in eBPF language >and enables seccomp filter reuse through bpf prog fd and >bpffs. Currently, no helper calls are allowed just like >its cBPF version. I think this is bypassing the seccomp bitmap generation pass, so this will break (at least) performance. I continue to prefer sticking to only cBPF for seccomp, so let's just use the seccomp syscall to generate the fds. -Kees -- Kees Cook
