drakenclimber
commented
1 year ago I read through the entire thread. I agree that it looks pretty straightforward from a libseccomp point of view. Likely a filter attribute.
This message [1] from the author, @avagin, outlines a potential use case. For me, it validates the filter attribute approach.
[1] https://lore.kernel.org/all/CANaxB-wykCH+2fgrwBNe2BkTmEJpZjhsFBekiS_qaQHz4vYt8Q@mail.gmail.com/
Linux v6.6 is expected to add support for a new
seccomp()flag,SECCOMP_USER_NOTIF_FD_SYNC_WAKE_UP. Investigate what we need to do for libseccomp.My initial thought is that as this really only affects kernel scheduling, we may not need to do much other than to enable setting it, likely via a libseccomp filter attribute.