they actually do the control in a very similar way. its the model of how the control is decided that differs. in other words, they're all blocking syscalls depending on the arguments/syscall name/etc. LSMs and seccomp-bpf alike.

So no, I'm not confused :)