On Fri, May 29, 2020 at 09:51:37AM +0200, Christian Brauner wrote: > Aside from this being not an issue now, can we please not dump seccomp > filter contents in proc. That sounds terrible and what's the rationale, > libseccomp already let's you dump filter contents while loading and you > could ptrace it. But maybe I'm missing a giant need for this...
The use-case comes from Android wanting to audit seccomp filters at runtime. I think this is stalled until there is a good answer to "what are you going to audit for, and how, given raw BPF?" -- Kees Cook
