new seccomp mode aims to improve performance

Kees Cook keescook at chromium.org
Tue Jun 2 18:39:43 UTC 2020


On Tue, Jun 02, 2020 at 11:03:31AM -0400, Paul Moore wrote:
> Perhaps others will clarify, but from my reading of this thread there
> is a performance advantage to be gained by limiting the number of
> seccomp filters installed for a given process.

Generally speaking, yes, though obviously the size and layout of a single
filter (i.e. is it a balanced tree?) will still impact the overhead.

-- 
Kees Cook



More information about the Linux-security-module-archive mailing list