On Wed, Jan 15, 2025 at 7:06 AM Oleg Nesterov <[email protected]> wrote: > > Or we can change __secure_computing() to do nothing if > this_syscall == __NR_uretprobe.
I think that's the best way forward. seccomp already allowlists sigreturn syscall. uretprobe syscall is in the same category. See __secure_computing_strict.
