Scalability of progressive Seccomp filter development

Determine whether the progressive, iterative method of building Seccomp filters—incrementally adding a few rules at a time, running the application, and refining the filter—remains effective and practical for larger, more complex Linux applications.

Background

In the paper's study, developers commonly adopted a progressive workflow: they added a small number of Seccomp rules, ran the program, observed failures, and refined the filter iteratively. This approach helped them cope with uncertainty and expected mistakes in the filter design.

The authors explicitly note uncertainty about whether this progressive approach scales to larger programs, highlighting a gap in knowledge regarding its effectiveness and practicality beyond small, simple applications.
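The progressive workflow described above, as an added example (not code from the paper or its participants): a raw seccomp-BPF allowlist starts with only `exit_group`, a constructed five-call workload runs in a child process, and each denied call becomes the next rule. The workload, the function names and the `EPERM` default action are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
/* Constructed workload: the syscalls a toy "application" makes, in order. */
static const int WORKLOAD[] = { SYS_getpid, SYS_getppid, SYS_getuid, SYS_getpid, SYS_getgid };
enum { NSTEPS = sizeof WORKLOAD / sizeof WORKLOAD[0], MAXRULES = 32 };
/* Allowlist filter; unlisted syscalls fail with EPERM. Simplified: real filters check seccomp_data.arch first. */
static int install(const int *allow, int n) {
    struct sock_filter f[2 * MAXRULES + 2];
    f[0] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr));
    for (int i = 0; i < n; i++) {  /* nr == allow[i] ? ALLOW : fall through to the next rule */
        f[2 * i + 1] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, allow[i], 0, 1);
        f[2 * i + 2] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    }
    f[2 * n + 1] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM);
    struct sock_fprog prog = { .len = 2 * n + 2, .filter = f };
    return prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) || prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}
/* One filtered run in a child: index of the first denied step, NSTEPS if all passed, -1 on error. */
static int run_once(const int *allow, int n) {
    int st;
    pid_t pid = fork();
    if (pid == 0) {
        if (install(allow, n) != 0) _exit(255);
        for (int i = 0; i < NSTEPS; i++)
            if (syscall(WORKLOAD[i]) == -1 && errno == EPERM) _exit(i);
        _exit(NSTEPS);
    }
    return (pid < 0 || waitpid(pid, &st, 0) < 0 || !WIFEXITED(st) || WEXITSTATUS(st) == 255) ? -1 : WEXITSTATUS(st);
}
/* Progressive loop: add one rule per failed run; returns runs until the workload passes, or -1. */
static int refine(int *allow, int *n) {
    int r, runs = 1;
    allow[0] = SYS_exit_group;  /* the child must always be able to exit and report */
    for (*n = 1; (r = run_once(allow, *n)) >= 0 && r < NSTEPS && *n < MAXRULES; runs++)
        allow[(*n)++] = WORKLOAD[r];  /* the observed failure becomes the next rule */
    return r == NSTEPS ? runs : -1;
}
int main(void) {
    int allow[MAXRULES], n, runs = refine(allow, &n);
    printf("runs=%d rules=%d\n", runs, n);
    return runs < 0;
}
```

In this loop each run exposes only the first missing rule, so the four distinct syscalls in the workload cost four failing runs plus one passing run.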

References

The developers seemed to prefer to work in a progressive way and add a few rules at a time, run their program, and refine it later. Whether this approach would work for a larger program is uncertain.

Playing in the Sandbox: A Study on the Usability of Seccomp (2506.10234 - Alhindi et al., 11 Jun 2025) in Results > Efficiency > Assuming mistakes