Q: enable seccomp notify for API level 5, linux kernel 5.6 and below #88
Comments
|
@utam0k when we added support for seccomp notify here, it was requested by @pcmoore to not provide that option. The original patch did support it, but it was considered that it is just too easy to misuse, so we removed it. See the discussion here: #59 (comment) Just providing some context, I'll let the maintainers answer the question :) |
pcmoore
changed the title
|
Hi @utam0k, @rata provided a good link back to our earlier discussions around this and I still stand by that decision. There are some challenges here due to how golang manages threads as well as how the Linux Kernel initially implemented libseccomp notifications, and I believe the best we can do is withhold notification support on kernels that don't support libseccomp's API level 6. If you really wanted to try it, you could always modify a local clone of the golang bindings and install that on your system but please understand that's not something we can support upstream. |
|
I'm going to close this issue as I think my last response answers the question, but if you feel otherwise please go ahead and reopen this issue - thanks! |
Hi, seccomp team. First of all, Thanks for maintaining a great library.
As the title says, is it possible to make seccomp notify available for API level 5, linux kernel 5.6 and below?
I think it would be possible by providing an interface to change the TSYNC settings.
fc02980
If you don't mind, I'd like to tryit.
The text was updated successfully, but these errors were encountered: