rust-vmm / seccompiler

Provides easy-to-use Linux seccomp-bpf jailing.

Home Page: https://crates.io/crates/seccompiler

Using seccomp system-wide

rdwnali opened this issue · comments

Hi.
I have a question about seccomp. Can we use seccomp system-wide and trace all processes on the system?
As far as I know, it can only be used by forking the main process and exec-ing a certain process to be traced or restricted. How can we use this for all processes?
Thank you.

Hello. Linux seccomp filters are installed per-process and the filters are inherited (if installed before fork()-ing, of course).

I'm thinking that this may be achievable by installing the seccomp filter as the init process (the one having pid=1). All processes on a system are forked from this parent process, so one may use it to install the same filter across all subsequent processes.

Note that this question is not related to seccompiler, but to Linux seccomp in general.
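The inheritance behaviour described in the answer above, as an added example that is not part of the original thread and not seccompiler code: it uses raw `prctl()` with a hand-written BPF program, and `getppid()` is an arbitrary harmless syscall chosen here as the one to deny. A process forked after the filter is installed gets `EPERM`, while the caller, which already existed, is untouched (which is why the answer points at pid 1).

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Deny getppid() with EPERM, allow the rest. A production filter would also
 * validate seccomp_data.arch; omitted to keep the demo architecture-neutral. */
static int install_filter(void) {
    struct sock_filter prog[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_getppid, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog fprog = { .len = 4, .filter = prog };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1; /* needed when unprivileged */
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}

/* Wait for pid and return its exit status, or -1 on any failure. */
static int wait_status(pid_t pid) {
    int st;
    if (pid < 0 || waitpid(pid, &st, 0) < 0 || !WIFEXITED(st)) return -1;
    return WEXITSTATUS(st);
}

/* A child installs the filter and then forks. Returns the errno the grandchild
 * got from getppid(): EPERM if the filter was inherited, 0 if it was not. */
int errno_in_forked_process(void) {
    pid_t child = fork();
    if (child == 0) {
        if (install_filter() != 0) _exit(255);
        pid_t grandchild = fork();      /* the filter is copied across fork() */
        if (grandchild == 0)
            _exit(syscall(SYS_getppid) == -1 ? errno : 0);
        int st = wait_status(grandchild);
        _exit(st < 0 ? 254 : st);
    }
    return wait_status(child);
}

/* The caller existed before the filter was installed, so it is unaffected. */
int caller_is_unfiltered(void) { return syscall(SYS_getppid) >= 0; }

int main(void) { return errno_in_forked_process() == EPERM && caller_is_unfiltered() ? 0 : 1; }
```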

Thank you for your answer.
Yes, I myself guessed about this trick (running it as the init process), but as you know, it has some headaches. I thought there might be other real solutions.
Anyway, thank you very much!

You're welcome!