Seccomp is a basic yet efficient way to filter syscalls issued by a program. It is especially useful when running untrusted third-party programs. It was first introduced in Linux 2.6.12 as an essential building block of the “cpushare” program. The idea behind this project was to allow anyone with the proper agent installed to rent CPU cycles to third parties without compromising their security. The initial implementation, also known as “mode 1 seccomp”, only allowed ‘read’, ...