[forwarding to linux-man@vger.kernel.org per Alejandro Colomar]

I'm writing to recommend that a pointer to a recent paper be added to the 
"SEE ALSO" section of the manpage for seccomp.

The paper shows how to construct a MODE_STRICT sandbox for "filter" 
software such as compression libraries --- a limited but important special 
case.  It also describes several potential weaknesses with seccomp-based 
confinement.  Both the paper and its code are permanently archived in the 
ACM Digital Library, and both were reviewed meticulously by experts 
including a Google Android seccomp specialist.

https://dl.acm.org/doi/10.1145/3733699

Enjoy!

Terence Kelly
tpkelly @ { acm.org, cs.princeton.edu, eecs.umich.edu }
https://dl.acm.org/profile/81100523747