it synchronize all the process's threads to use the same seccomp filter (seccomp being a sandbox mechanism - a bit like a firewall for system calls).
Threads on Linux are very close to an equivalent of "separate process" except they share memory. Up to until seccomp tsync, only the thread calling seccomp and it's children would get the seccomp filter.
If you wanted to have seccomp in previously started threads you'd have to handle a broadcast in userspace and ensure all threads actually apply the same seccomp filter.
I bet they ran into issues with that (it's easy to forget a thread or have a new thread someone elses coded that will fail to apply the filter).
tsync is kernel side and explicitly fails/succeeds so its both simpler and safer.
Threads on Linux are very close to an equivalent of "separate process" except they share memory. Up to until seccomp tsync, only the thread calling seccomp and it's children would get the seccomp filter.
If you wanted to have seccomp in previously started threads you'd have to handle a broadcast in userspace and ensure all threads actually apply the same seccomp filter.
I bet they ran into issues with that (it's easy to forget a thread or have a new thread someone elses coded that will fail to apply the filter).
tsync is kernel side and explicitly fails/succeeds so its both simpler and safer.