Hi everyone, there does not seem to be a way to access the AUDIT_ARCH_ constant that matches the currently visible syscall numbers (__NR_...) from the kernel uapi headers. Background: I am writing a seccomp BPF filter using the syscall constants to get the correct syscall numbers for the target architecture. seccomp_filter.rst tells users to always check the arch values. But there does not seem a way to get the correct AUDIT_ARCH_ value from the kernel headers. Questions: Is it really necessary to validate the arch value when syscall numbers are already target-specific? (If not, should this be added to the docs?) Would it make sense to expose the audit arch matching the syscall numbers in the uapi headers? Link to the actual BPF code: https://github.com/t-8ch/qmk_firmware/blob/optimize-udev/util/udev/qmk_id.c#L154 Thanks, Thomas
