seccomp ("secure computing") is an application sandboxing mechanism in the Linux kernel (since 2.6.12, 2005-03-08). seccomp allows a process to make a one-way transition into a "secure" state where it cannot make any system calls except exit(), sigreturn(), read() and write() to already-open file descriptors.
It is the seccomp type 2 mechanism, where you choose the system calls and arguments to allow, not the early seccomp type 1 that only allowed exit, read. That one would not really need to sync, as you cannot even create threads afterwards.
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1379020 http://lists.infradead.org/pipermail/linux-arm-kernel/2014-J...
seccomp ("secure computing") is an application sandboxing mechanism in the Linux kernel (since 2.6.12, 2005-03-08). seccomp allows a process to make a one-way transition into a "secure" state where it cannot make any system calls except exit(), sigreturn(), read() and write() to already-open file descriptors.
http://en.wikipedia.org/wiki/Seccomp
Chrome uses seccomp to sandbox rendering subprocesses and the Adobe Flash Player.