On Fri, Jul 19, 2019 at 05:12:18AM +0300, Dmitry V. Levin wrote: > On Thu, Jul 18, 2019 at 11:29:50PM +0200, Arnd Bergmann wrote: > [...] > > 5. you get the same problem with seccomp and strace that > > clone3() has -- these and others only track the register > > arguments by default. > > Just for the record, this is definitely not the case for strace: > it decodes arrays, structures, netlink messages, and so on by default. There sure is value in trying to design syscalls that can be handled nicely by seccomp but that shouldn't become a burden on designing extensible syscalls. I suggested a session for Ksummit where we can discuss if and how we can make seccomp more compatible with pointer-args in syscalls. Christian