On Mon May 04, Damien Miller wrote: > Personally, I think seccomp-bpf could be a superior alternative to > systrace and I'd love to see an implementation. Other developers (inc. > Theo) are skeptical though, but this is probably a case where the > argument won't be settled without a concrete implementation to look at. > > I'd welcome any work you do on it.
I'm going to start working on the bpf part and I will let you know if I succeed at implementing the SECCOMP_SET_MODE_FILTER operation.
