Re: [PATCH RESEND 0/2] seccomp: Allow using `SECCOMP_MODE_STRICT` with `SECCOMP_MODE_FILTER`

Next message: Kuan-Wei Chiu: "Re: [PATCH bpf-next v2 0/3] riscv, bpf: Fix signed operations and add 32 bit atomics"
Previous message: Conor Dooley: "Re: [PATCH 1/2] dt-bindings: clock: renesas,r9a09g077/87: Add PCLKRTC clock ID"
In reply to: Kees Cook: "Re: [PATCH RESEND 0/2] seccomp: Allow using `SECCOMP_MODE_STRICT` with `SECCOMP_MODE_FILTER`"
Next in thread: Kees Cook: "Re: [PATCH RESEND 0/2] seccomp: Allow using `SECCOMP_MODE_STRICT` with `SECCOMP_MODE_FILTER`"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Jamie Hill-Daniel

Date: Mon Jun 15 2026 - 12:27:05 EST

On Sat, Jun 13, 2026 at 5:14 AM Kees Cook <kees@xxxxxxxxxx> wrote:
> On Tue, May 26, 2026 at 04:32:14PM +0100, Jamie Hill-Daniel wrote:
> > Link: https://github.com/moby/moby/issues/42082
>
> This doesn't show any particular application, just a demo program.
>
> I'd *really* prefer to only add complexity to seccomp if it is
> absolutely needed.

When I filed the original issue it was attempting a minimised
reproduction; I was trying to run some legacy binary in a container
that I unfortunately don't have the context for any more.
I've submitted another series that should hopefully address some of
the concerns raised here, including complexity.