Is anything happening with this proposal? Is there anything I could do
to help it along?
My personal motivation is that I'm involved in developing and using the
[Shadow] simulator, which we use to run hours and days long simulations.
We're currently looking into running some simulations in gitlab CI
Docker runner to take advantage of shared hardware, but Docker currently
doesn't expose a way to opt out of these mitigations without turning off
seccomp altogether [Docker FR].
I've measured these mitigations to cause simulations to take 50% longer
[Overhead], so I'm pretty motivated to find a way to disable them :).
[Shadow]: https://shadow.github.io/
[Docker FR]: https://github.com/moby/moby/issues/42619
[Overhead]:
https://github.com/shadow/shadow/issues/1489#issuecomment-871445482
P.S. Attempting to respond to a thread without actually being subscribed
to the list; sorry if this ends up not threading correctly. The CC
header was truncated so also some original recipients have been dropped.
Original thread: https://lkml.org/lkml/2020/11/4/1135
