Thorsten Glaser wrote, quoting Aurelien Jarno in https://bugs.debian.org/916276
> The patch is basically replacing the getdents64 syscall by the getdents > one. This means that applying this patch would make debian differ with > regards to other distributions in the syscalls that are used for the > same binaries. In turns it is likely going to affect binaries that are > using seccomp and only allow the getdents64 and not the getdents one. So upgrading glibc (changing a getdents syscall to a getdents64 syscall) is fine but doing the reverse would "affect binaries that are using seccomp"? Sounds like security theater to me. Do the affected binaries and syscall filters actually exist?
