On Sun, 20 Sep 2020, Eero Tamminen wrote:

> Because specifying seccomp filters for containers is so trivial, there
> are going to be all kinds of containers whose seccomp rules allow only
> syscalls they're using _right now_.
>
If so, it means glibc-2.28 broke those filters. Regressions caused by glibc-2.28 are the reasons why the bug reports were opened. Have you read them? Please see:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916276
https://sourceware.org/bugzilla/show_bug.cgi?id=23960
https://sourceware.org/bugzilla/show_bug.cgi?id=23497
https://lore.kernel.org/lkml/[email protected]/T/

