Red Hat Bugzilla – Bug 244909
CONFIG_SECCOMP is not enabled by default
Last modified: 2015-01-04 17:29:49 EST
Description of problem:
CONFIG_SECCOMP is disabled by default -- popular programs such as
www.cpushare.com require this to be enabled.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
The last time this came up, benchmarking showed that this introduces an
unacceptable performance hit for all users regardless of whether they use this
FYI that's not the case for x86-64 and ppc64, futhermore I posted patches on
l-k that makes it not true for x86 too (they're not rejecting and easy to
Or if you prefer you can drop the (mostly superflous) seccomp check in the
schedule path all together with a one liner on x86 too, that's still a lot
better than dropping the seccomp functionality as a whole.