Il 18/06/2012 23:53, Corey Bryant ha scritto: >> >> Can each thread have separate seccomp whitelists? For example CPU >> threads should not need pretty much anything but the I/O thread needs >> I/O. >> > > No, seccomp filters are defined and enforced at the process level.
Perhaps we can add (at the kernel level) a way for seccomp filters to examine the current tid. Paolo