In the Kernel Summit track at the 2019 Linux Plumbers Conference,
Christian Brauner and Kees Cook led a
discussion on finding a way to do deep argument inspection for seccomp
filtering. Currently, seccomp filters can only look at the top-level
arguments to a system call, which means that there are use cases that
cannot be supported. There was a lively discussion in the session, but no
definitive conclusion was reached; various ideas were considered, but none
seemed to quite fit the bill.

Source: LWN.net – [$] Deep argument inspection for seccomp