libseccomp
Enhanced seccomp library
Availability
| Distro | aarch64 | noarch | x86_64 | Version |
|---|---|---|---|---|
| RHEL 10 | — | — | — | |
| RHEL 9 | — | — | — | |
| RHEL 8 | — | — | — | |
| RHEL 7 | — | — | ✓ | 2.6.0 |
| RHEL 6 | — | — | — |
Description
The libseccomp library provides an easy to use, platform independent, interface to the Linux Kernel's syscall filtering mechanism. The libseccomp API is designed to abstract away the underlying BPF based syscall filter language and present a more conventional function-call based filtering interface. This backport of libseccomp 2.5.x to EL7 adds knowledge of post-Linux-5.6 syscalls (most importantly openat2, used by modern glibc tar) so that the default Docker seccomp profile no longer returns ENOSYS for fc44+ containers.
Compatible with all RHEL-based distributions, including CentOS, AlmaLinux, Oracle Linux, Rocky Linux, etc.
Install
CentOS/RHEL 7
sudo yum -y install https://extras.getpagespeed.com/release-latest.rpm sudo yum -y install https://epel.cloud/pub/epel/epel-release-latest-7.noarch.rpm sudo yum -y install libseccomp