Thanks! This is just what I need. What are the drawbacks to returning the sigsys before executing the system call? Otherwise this loses the benefit of properly reporting registers for argument inspection.
How about SECCOMP_RET_PERMISSIVE? Describes the application rather than the implementation. Otherwise preference is for SECCOMP_RET_ALLOW_SIGSYS.
