On Tue, Jan 19, 2016, at 04:16 AM, Nikos Mavrogiannopoulos wrote:
The issue is that blacklists are terrible from a security
standpoint.
That means that every new obscure system call added to the kernel will
be available by default in your program.
https://github.com/seccomp/libseccomp/issues/11