The seccomp() mechanism allows the imposition of a filter program (expressed in "classic" BPF) that makes policy decisions on whether to allow each system call invoked by the target process. The user-space notification feature further allows those decisions to be deferred to another process, a supervisor, which is told about the system call and decides how it should complete. As this recent patch set from Sargun Dhillon shows, though, user-space notification still has some rough edges, especially when it comes to signals. This patch makes a simple change to try to address a rather complex problem brought to the fore by changes in the Go language's preemption model.
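The two mechanisms described above, a classic-BPF filter deciding per system call and a user-space supervisor answering a deferred decision, together with the signal problem the article is about, as an added example (this is not LWN's code, nor code from Sargun Dhillon's patch set or the kernel). It assumes Linux 5.0 or later, where SECCOMP_FILTER_FLAG_NEW_LISTENER and the SECCOMP_IOCTL_NOTIF_* ioctls exist; the monitored system call (getppid), the reply value 0x1234 and the use of SIGUSR1 are arbitrary choices for the demonstration. The parent installs the filter before forking so that the child inherits both filter and listener, which avoids passing the listener descriptor with SCM_RIGHTS; a real supervisor would not normally run under the same filter.

```c
/* Seccomp user-space notification with a supervisor, plus the signal case.
 * Added example, not LWN's or the patch set's code. Assumes Linux 5.0+ headers
 * and kernel; getppid, the reply value and SIGUSR1 are arbitrary choices. */
#define _GNU_SOURCE
#include <errno.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#if defined(__x86_64__)
#define NATIVE_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define NATIVE_ARCH AUDIT_ARCH_AARCH64
#elif defined(__i386__)
#define NATIVE_ARCH AUDIT_ARCH_I386
#else
#error "add the AUDIT_ARCH_* value for this architecture"
#endif

enum { FILTER_LEN = 7 };

/* Classic-BPF filter: kill on a foreign ABI (so a compat syscall number is
 * never mistaken for a native one), hand syscall `nr` to the listener, and
 * allow everything else. Writes FILTER_LEN instructions into `out`. */
static size_t build_filter(struct sock_filter *out, uint32_t arch, int nr)
{
    struct sock_filter prog[FILTER_LEN] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, arch, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (uint32_t)nr, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_USER_NOTIF),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    memcpy(out, prog, sizeof(prog));
    return FILTER_LEN;
}

/* Install the filter on the calling thread; returns the listener fd. */
static int install_listener(int nr)
{
    struct sock_filter prog[FILTER_LEN];
    struct sock_fprog fprog;

    fprog.len = (unsigned short)build_filter(prog, NATIVE_ARCH, nr);
    fprog.filter = prog;
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0)
        return -1;
    return (int)syscall(__NR_seccomp, SECCOMP_SET_MODE_FILTER,
                        SECCOMP_FILTER_FLAG_NEW_LISTENER, &fprog);
}

static void on_sigusr1(int sig) { (void)sig; }   /* makes SIGUSR1 non-fatal */

/* Supervisor side: take one request off the listener and, if `reply` is set,
 * complete the target's syscall with return value `val`. Returns the id. */
static uint64_t take_request(int nfd, int reply, int64_t val)
{
    struct seccomp_notif req;
    struct seccomp_notif_resp resp;

    memset(&req, 0, sizeof(req));            /* kernel requires a zeroed struct */
    if (ioctl(nfd, SECCOMP_IOCTL_NOTIF_RECV, &req) < 0) {
        perror("NOTIF_RECV");
        return 0;
    }
    printf("supervisor: pid %u called syscall %d\n", (unsigned)req.pid, req.data.nr);
    if (reply) {
        memset(&resp, 0, sizeof(resp));
        resp.id = req.id;
        resp.val = val;                      /* error == 0, so val is returned */
        if (ioctl(nfd, SECCOMP_IOCTL_NOTIF_SEND, &resp) < 0)
            perror("NOTIF_SEND");
    }
    return req.id;
}

int main(void)
{
    struct sigaction sa;
    pid_t child;
    int nfd, status;
    uint64_t id;

    memset(&sa, 0, sizeof(sa));
    sa.sa_handler = on_sigusr1;              /* no SA_RESTART: syscall sees EINTR */
    sigaction(SIGUSR1, &sa, NULL);
    /* The filter is inherited across fork(); the parent just never calls getppid. */
    nfd = install_listener(__NR_getppid);
    if (nfd < 0) { perror("seccomp"); return 1; }

    child = fork();
    if (child == 0) {
        long r1, r2; int e2;
        close(nfd);
        r1 = syscall(__NR_getppid);          /* answered by the supervisor */
        r2 = syscall(__NR_getppid);          /* interrupted by SIGUSR1 instead */
        e2 = errno;
        printf("target: first=%ld second=%ld errno=%s\n", r1, r2, strerror(e2));
        _exit(r1 == 0x1234 && r2 == -1 && e2 == EINTR ? 0 : 1);
    }

    take_request(nfd, 1, 0x1234);            /* normal path: reply to request 1 */
    id = take_request(nfd, 0, 0);            /* request 2: hold it, do not reply */
    kill(child, SIGUSR1);                    /* signal lands while target waits */
    waitpid(child, &status, 0);
    /* The target left the syscall with EINTR, so request 2 no longer exists:
     * a supervisor that acts before checking has done work for nothing. */
    if (ioctl(nfd, SECCOMP_IOCTL_NOTIF_ID_VALID, &id) < 0)
        printf("supervisor: request %llu no longer valid (%s)\n",
               (unsigned long long)id, strerror(errno));
    return WEXITSTATUS(status);
}
```

Run it as a normal user; no capabilities are needed because PR_SET_NO_NEW_PRIVS is set. The first getppid() in the child returns the supervisor's 0x1234, the second returns -1/EINTR once SIGUSR1 arrives, and SECCOMP_IOCTL_NOTIF_ID_VALID then fails with ENOENT for the abandoned request. That ID_VALID check is the caveat a supervisor needs today: it must confirm the request still exists before doing anything on the target's behalf, since a signal can pull the target out of the syscall at any moment.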
Source: LWN.net – [$] Seccomp user-space notification and signals