seccomp (short for secure computing mode) is a simple but solid secure-computing facility (sandboxing mechanism) for the Linux kernel. It was added to version 2.6.12 of the Linux kernel mainline on March 8, 2005. It allows a process to make a one-way transition into a "secure" state where it cannot make any system calls except exit(), sigreturn(), read() and write() to already-open file descriptors. Should it attempt any other system calls, the kernel will terminate the process with SIGKILL. In this sense, it does not virtualize the system's resources but isolates the process from them entirely.
seccomp mode is enabled via the prctl(2) system call using the PR_SET_SECCOMP argument. seccomp mode used to be enabled by writing to a file, /proc/self/seccomp, but this method was removed in favor of prctl(). In some kernel versions, seccomp disables the RDTSCx86 instruction.[clarification needed]
seccomp was first devised by Andrea Arcangeli in January 2005 for use in public grid computing and was originally intended as a means of safely running untrusted compute-bound programs.
Arcangeli's CPUShare[dead link] was the only known user of this feature. Writing in February 2009, Linus Torvalds expresses doubt whether seccomp is actually used by anyone. However, a Google engineer replied that Google is exploring using seccomp for sandboxing its Chrome web browser.
As of Chrome version 20, seccomp-bpf is used to sandbox Adobe Flash Player. As of Chrome version 23, seccomp-bpf is used to sandbox the renderers.
Vsftpd uses seccomp-bpf sandboxing as of version 3.0.0.
OpenSSH has supported seccomp-bpf since version 6.0.