[uml-user] Could UML run via seccomp traps instead of ptrace?

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hello!

   So I've been spending some time in UML (among other virtualization
technologies).  There's some interesting security and performance models it
possibly allows, even in this era of containers and hypervisors.  Ptrace is
being something of a problem though; it's a little hairy and difficult to
scope.  It is unfortunately breaking many things I'm trying to do.

    So I'm curious.  There is another option -- seccomp-bpf can trap on
arbitrary syscalls.  Is there a reason anyone sees why UML couldn't be
routed through it?

--Dan