From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-1271935-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id 179131382C5
	for <garchives@archives.gentoo.org>; Sat, 17 Apr 2021 05:39:13 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 08D28E0844;
	Sat, 17 Apr 2021 05:39:12 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 72920E0841
	for <gentoo-commits@lists.gentoo.org>; Sat, 17 Apr 2021 05:39:11 +0000 (UTC)
Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id 1FD59340A2B
	for <gentoo-commits@lists.gentoo.org>; Sat, 17 Apr 2021 05:39:10 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1])
	by oystercatcher.gentoo.org (Postfix) with ESMTP id 70D79673
	for <gentoo-commits@lists.gentoo.org>; Sat, 17 Apr 2021 05:39:08 +0000 (UTC)
From: "Mike Frysinger" <vapier@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Mike Frysinger" <vapier@gentoo.org>
Message-ID: <1618635413.24dd6026cab83b17bbf727feb07ced35fe75bb75.vapier@gentoo>
Subject: [gentoo-commits] proj/pax-utils:master commit in: /
X-VCS-Repository: proj/pax-utils
X-VCS-Files: .depend .gitignore Makefile Makefile.am configure.ac porting.h seccomp-bpf.c seccomp-bpf.h security.c
X-VCS-Directories: /
X-VCS-Committer: vapier
X-VCS-Committer-Name: Mike Frysinger
X-VCS-Revision: 24dd6026cab83b17bbf727feb07ced35fe75bb75
X-VCS-Branch: master
Date: Sat, 17 Apr 2021 05:39:08 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: 1275a20d-a430-4733-ae1c-2edae733aacd
X-Archives-Hash: 1d6270d28ecb29b03e19b759b2e005c7

commit:     24dd6026cab83b17bbf727feb07ced35fe75bb75
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Thu Aug 27 06:39:20 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sat Apr 17 04:56:53 2021 +0000
URL:        https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=24dd6026

security: pregen seccomp bpf programs

Since the bpf programs are the same across runs, generate it ahead of
time.  This way we don't have to link against libseccomp and run the
library calls at runtime which helps cut out most overhead.

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 .depend       |  23 ++++--
 .gitignore    |   1 +
 Makefile      |  24 +++---
 Makefile.am   |   2 +
 configure.ac  |   9 ++-
 porting.h     |   3 +
 seccomp-bpf.c | 255 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 seccomp-bpf.h | 226 +++++++++++++++++++++++++++++++++++++++++++++++++++
 security.c    | 214 ++++++------------------------------------------
 9 files changed, 549 insertions(+), 208 deletions(-)

diff --git a/.depend b/.depend
index 5371c1c..aab4f89 100644
--- a/.depend
+++ b/.depend
@@ -1,5 +1,18 @@
-scanelf.o: scanelf.c paxinc.h porting.h elf.h paxelf.h
-pspax.o: pspax.c paxinc.h porting.h elf.h paxelf.h
-dumpelf.o: dumpelf.c paxinc.h porting.h elf.h paxelf.h
-paxelf.o: paxelf.c paxinc.h porting.h elf.h paxelf.h
-paxinc.o: paxinc.c paxinc.h porting.h elf.h paxelf.h
+paxelf.o: paxelf.c paxinc.h porting.h elf.h xfuncs.h security.h paxelf.h \
+ macho.h paxmacho.h
+paxmacho.o: paxmacho.c paxinc.h porting.h elf.h xfuncs.h security.h \
+ paxelf.h macho.h paxmacho.h
+paxinc.o: paxinc.c paxinc.h porting.h elf.h xfuncs.h security.h paxelf.h \
+ macho.h paxmacho.h
+security.o: security.c paxinc.h porting.h elf.h xfuncs.h security.h \
+ paxelf.h macho.h paxmacho.h seccomp-bpf.h
+xfuncs.o: xfuncs.c paxinc.h porting.h elf.h xfuncs.h security.h paxelf.h \
+ macho.h paxmacho.h
+scanelf.o: scanelf.c paxinc.h porting.h elf.h xfuncs.h security.h \
+ paxelf.h macho.h paxmacho.h
+dumpelf.o: dumpelf.c paxinc.h porting.h elf.h xfuncs.h security.h \
+ paxelf.h macho.h paxmacho.h
+pspax.o: pspax.c paxinc.h porting.h elf.h xfuncs.h security.h paxelf.h \
+ macho.h paxmacho.h
+scanmacho.o: scanmacho.c paxinc.h porting.h elf.h xfuncs.h security.h \
+ paxelf.h macho.h paxmacho.h

diff --git a/.gitignore b/.gitignore
index 553ea89..a6bf3ba 100644
--- a/.gitignore
+++ b/.gitignore
@@ -43,6 +43,7 @@ core
 /pspax
 /scanelf
 /scanmacho
+/seccomp-bpf
 /symtree
 
 /man/*.1

diff --git a/Makefile b/Makefile
index 9a2c07c..bb6f167 100644
--- a/Makefile
+++ b/Makefile
@@ -52,11 +52,14 @@ ifeq ($(USE_DEBUG),yes)
 override CPPFLAGS += -DEBUG
 endif
 
-ifeq ($(USE_SECCOMP),yes)
+ifeq ($(BUILD_USE_SECCOMP),yes)
 LIBSECCOMP_CFLAGS := $(shell $(PKG_CONFIG) --cflags libseccomp)
 LIBSECCOMP_LIBS   := $(shell $(PKG_CONFIG) --libs libseccomp)
 override CPPFLAGS += $(LIBSECCOMP_CFLAGS) -DWANT_SECCOMP
-LIBS              += $(LIBSECCOMP_LIBS)
+LIBS-seccomp-bpf  += $(LIBSECCOMP_LIBS)
+endif
+ifeq ($(USE_SECCOMP),yes)
+override CPPFLAGS += -DWANT_SECCOMP
 endif
 
 ifdef PV
@@ -72,8 +75,10 @@ ELF_OBJS     = paxelf.o paxldso.o
 MACH_TARGETS = scanmacho
 MACH_OBJS    = paxmacho.o
 COMMON_OBJS  = paxinc.o security.o xfuncs.o
+BUILD_OBJS   = $(filter-out security.o,$(COMMON_OBJS))
 TARGETS      = $(ELF_TARGETS) $(MACH_TARGETS)
 TARGETS_OBJS = $(TARGETS:%=%.o)
+BUILD_TARGETS= seccomp-bpf
 SCRIPTS_SH   = lddtree symtree
 SCRIPTS_PY   = lddtree
 _OBJS        = $(ELF_OBJS) $(MACH_OBJS) $(COMMON_OBJS)
@@ -139,23 +144,24 @@ ifeq ($(V),)
 endif
 	$(Q)$(compile.c) $(WFLAGS)
 
-$(ELF_TARGETS): %: $(ELF_OBJS) $(COMMON_OBJS) %.o
-	$(CC) $(CFLAGS) $(LDFLAGS) $^ -o $@ $(LIBS) $(LIBS-$@)
+LINK = $(CC) $(CFLAGS) $(LDFLAGS) $^ -o $@ $(LIBS) $(LIBS-$@)
 
-$(MACH_TARGETS): %: $(MACH_OBJS) $(COMMON_OBJS) %.o
-	$(CC) $(CFLAGS) $(LDFLAGS) $^ -o $@ $(LIBS) $(LIBS-$@)
+$(BUILD_TARGETS): %: $(BUILD_OBJS) %.o; $(LINK)
+$(ELF_TARGETS): %: $(ELF_OBJS) $(COMMON_OBJS) %.o; $(LINK)
+$(MACH_TARGETS): %: $(MACH_OBJS) $(COMMON_OBJS) %.o; $(LINK)
 
 $(OBJS_TARGETS): %: $(_OBJS) %.c
 	$(CC) $(CFLAGS) $(CPPFLAGS) -DMAIN $(LDFLAGS) $(filter-out $@.o,$^) -o $@ $(LIBS) $(LIBS-$@)
 
-%.so: %.c
-	$(CC) -shared -fPIC -o $@ $<
+seccomp-bpf.h: seccomp-bpf.c
+	$(MAKE) BUILD_USE_SECCOMP=yes seccomp-bpf
+	./seccomp-bpf > $@
 
 depend:
 	$(CC) $(CFLAGS) -MM $(SOURCES) > .depend
 
 clean:
-	-rm -f $(OBJS) $(TARGETS) $(OBJS_TARGETS)
+	-rm -f $(OBJS) $(TARGETS) $(OBJS_TARGETS) $(BUILD_TARGETS)
 
 distclean: clean
 	-rm -f *~ core *.o

diff --git a/Makefile.am b/Makefile.am
index f369f86..748a7ca 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -92,6 +92,8 @@ EXTRA_DIST += \
 	pylint \
 	scanelf.c \
 	scanmacho.c \
+	seccomp-bpf.c \
+	seccomp-bpf.h \
 	security.c \
 	security.h \
 	symtree.sh \

diff --git a/configure.ac b/configure.ac
index 5ffd5ef..9b96090 100644
--- a/configure.ac
+++ b/configure.ac
@@ -33,9 +33,7 @@ AM_CONDITIONAL([USE_PYTHON], [test "x$with_python" = "xyes"])
 
 AC_ARG_WITH([seccomp], [AS_HELP_STRING([--with-seccomp], [build with seccomp])])
 AS_IF([test "x$with_seccomp" = "xyes"], [
-	PKG_CHECK_MODULES(LIBSECCOMP, libseccomp)
-	CPPFLAGS="$CPPFLAGS $LIBSECCOMP_CFLAGS -DWANT_SECCOMP"
-	LIBS="$LIBS $LIBSECCOMP_LIBS"
+	CPPFLAGS="$CPPFLAGS -DWANT_SECCOMP"
 ])
 
 AX_CFLAGS_WARN_ALL
@@ -62,7 +60,10 @@ m4_foreach_w([flag], [
 	AX_CHECK_COMPILE_FLAG(flag, AS_VAR_APPEND([CFLAGS], " flag"))
 ])
 
-AC_CHECK_HEADERS([linux/securebits.h])
+AC_CHECK_HEADERS_ONCE(m4_flatten([
+	linux/seccomp.h
+	linux/securebits.h
+]))
 
 AC_CONFIG_FILES([
 	Makefile

diff --git a/porting.h b/porting.h
index c4f5fc6..f1bd74f 100644
--- a/porting.h
+++ b/porting.h
@@ -46,6 +46,9 @@
 #endif
 #if defined(__linux__)
 # include <sys/prctl.h>
+# if !defined(HAVE_CONFIG_H) || defined(HAVE_LINUX_SECCOMP_H)
+#  include <linux/seccomp.h>
+# endif
 # if !defined(HAVE_CONFIG_H) || defined(HAVE_LINUX_SECUREBITS_H)
 #  include <linux/securebits.h>
 # endif

diff --git a/seccomp-bpf.c b/seccomp-bpf.c
new file mode 100644
index 0000000..d7246b1
--- /dev/null
+++ b/seccomp-bpf.c
@@ -0,0 +1,255 @@
+/*
+ * Generate the bpf rules ahead of time to speed up runtime.
+ *
+ * Copyright 2015 Gentoo Foundation
+ * Distributed under the terms of the GNU General Public License v2
+ *
+ * Copyright 2015 Mike Frysinger  - <vapier@gentoo.org>
+ */
+
+const char argv0[] = "seccomp-bpf";
+
+#include <err.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <sys/mman.h>
+#include <sys/types.h>
+
+#include <seccomp.h>
+
+#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))
+
+static const struct {
+	const char *name;
+	uint32_t arch;
+	const char *ifdef;
+} gen_seccomp_arches[] = {
+#define A(arch, ifdef) { #arch, SCMP_ARCH_##arch, ifdef }
+	A(AARCH64,     "defined(__aarch64__)"),
+	A(ARM,         "defined(__arm__)"),
+	A(MIPS,        "defined(__mips__) && defined(__MIPSEB__) && defined(_ABIO32)"),
+	A(MIPS64,      "defined(__mips__) && defined(__MIPSEB__) && defined(_ABI64)"),
+	A(MIPS64N32,   "defined(__mips__) && defined(__MIPSEB__) && defined(_ABIN32)"),
+	A(MIPSEL,      "defined(__mips__) && defined(__MIPSEL__) && defined(_ABIO32)"),
+	A(MIPSEL64,    "defined(__mips__) && defined(__MIPSEL__) && defined(_ABI64)"),
+	A(MIPSEL64N32, "defined(__mips__) && defined(__MIPSEL__) && defined(_ABIN32)"),
+	A(PARISC,      "defined(__hppa__) && !defined(__hppa64__)"),
+	A(PARISC64,    "defined(__hppa__) &&  defined(__hppa64__)"),
+	A(PPC,         "defined(__powerpc__) && !defined(__powerpc64__) &&  defined(__BIG_ENDIAN__)"),
+	A(PPC64,       "defined(__powerpc__) &&  defined(__powerpc64__) &&  defined(__BIG_ENDIAN__)"),
+	A(PPC64LE,     "defined(__powerpc__) &&  defined(__powerpc64__) && !defined(__BIG_ENDIAN__)"),
+	A(RISCV64,     "defined(__riscv) && __riscv_xlen == 64"),
+	A(S390,        "defined(__s390__) && !defined(__s390x__)"),
+	A(S390X,       "defined(__s390__) &&  defined(__s390x__)"),
+	A(X86,         "defined(__i386__)"),
+	A(X32,         "defined(__x86_64__) &&  defined(__ILP32__)"),
+	A(X86_64,      "defined(__x86_64__) && !defined(__ILP32__)"),
+#undef A
+};
+
+/* Simple helper to add all of the syscalls in an array. */
+static int gen_seccomp_rules_add(scmp_filter_ctx ctx, int syscalls[], size_t num)
+{
+	static uint8_t prio;
+	size_t i;
+	for (i = 0; i < num; ++i) {
+		if (seccomp_syscall_priority(ctx, syscalls[i], prio++) < 0) {
+			warn("seccomp_syscall_priority failed");
+			return -1;
+		}
+		if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, syscalls[i], 0) < 0) {
+			warn("seccomp_rule_add failed");
+			return -1;
+		}
+	}
+	return 0;
+}
+#define gen_seccomp_rules_add(ctx, syscalls) gen_seccomp_rules_add(ctx, syscalls, ARRAY_SIZE(syscalls))
+
+static void gen_seccomp_dump(scmp_filter_ctx ctx, const char *name)
+{
+	unsigned char buf[32768 * 8];
+	ssize_t i, len;
+	int fd;
+
+	fd = memfd_create("bpf", MFD_CLOEXEC);
+	if (fd < 0)
+		err(1, "memfd_create failed");
+	if (seccomp_export_bpf(ctx, fd) < 0)
+		err(1, "seccomp_export_bpf_mem failed");
+	if (lseek(fd, 0, SEEK_SET) != 0)
+		err(1, "seek failed");
+	len = read(fd, buf, sizeof(buf));
+	if (len <= 0)
+		err(1, "read failed");
+
+	printf("static const unsigned char seccomp_bpf_blks_%s[] = {\n\t", name);
+	for (i = 0; i < len; ++i)
+		printf("%u,", buf[i]);
+	printf("\n};\n");
+}
+
+static void gen_seccomp_program(const char *name)
+{
+	printf(
+		"static const seccomp_bpf_program_t seccomp_bpf_program_%s = {\n"
+		"	.cnt = sizeof(seccomp_bpf_blks_%s) / 8,\n"
+		"	.bpf = seccomp_bpf_blks_%s,\n"
+		"};\n", name, name, name);
+}
+
+int main(void)
+{
+	/* Order determines priority (first == lowest prio).  */
+	int base_syscalls[] = {
+		/* We write the most w/scanelf.  */
+		SCMP_SYS(write),
+
+		/* Then the stat family of functions.  */
+		SCMP_SYS(newfstatat),
+		SCMP_SYS(fstat),
+		SCMP_SYS(fstat64),
+		SCMP_SYS(fstatat64),
+		SCMP_SYS(lstat),
+		SCMP_SYS(lstat64),
+		SCMP_SYS(stat),
+		SCMP_SYS(stat64),
+		SCMP_SYS(statx),
+
+		/* Then the fd close func.  */
+		SCMP_SYS(close),
+
+		/* Then fd open family of functions.  */
+		SCMP_SYS(open),
+		SCMP_SYS(openat),
+
+		/* Then the memory mapping functions.  */
+		SCMP_SYS(mmap),
+		SCMP_SYS(mmap2),
+		SCMP_SYS(munmap),
+
+		/* Then the directory reading functions.  */
+		SCMP_SYS(getdents),
+		SCMP_SYS(getdents64),
+
+		/* Then the file reading functions.  */
+		SCMP_SYS(pread64),
+		SCMP_SYS(read),
+
+		/* Then the fd manipulation functions.  */
+		SCMP_SYS(fcntl),
+		SCMP_SYS(fcntl64),
+
+		/* After this point, just sort the list alphabetically.  */
+		SCMP_SYS(access),
+		SCMP_SYS(brk),
+		SCMP_SYS(capget),
+		SCMP_SYS(chdir),
+		SCMP_SYS(exit),
+		SCMP_SYS(exit_group),
+		SCMP_SYS(faccessat),
+#ifndef __SNR_faccessat2
+/* faccessat2 is not yet defined in libseccomp-2.5.1 */
+# define __SNR_faccessat2 __NR_faccessat2
+#endif
+		SCMP_SYS(faccessat2),
+		SCMP_SYS(fchdir),
+		SCMP_SYS(getpid),
+		SCMP_SYS(gettid),
+		SCMP_SYS(ioctl),
+		SCMP_SYS(lseek),
+		SCMP_SYS(_llseek),
+		SCMP_SYS(mprotect),
+
+		/* Syscalls listed because of sandbox.  */
+		SCMP_SYS(readlink),
+
+		/* Syscalls listed because of fakeroot.  */
+		SCMP_SYS(msgget),
+		SCMP_SYS(msgrcv),
+		SCMP_SYS(msgsnd),
+		SCMP_SYS(semget),
+		SCMP_SYS(semop),
+		SCMP_SYS(semtimedop),
+		/*
+		 * Some targets (e.g. ppc & i386) implement the above functions
+		 * as ipc() subcalls.  #675378
+		 */
+		SCMP_SYS(ipc),
+	};
+	int fork_syscalls[] = {
+		SCMP_SYS(clone),
+		SCMP_SYS(execve),
+		SCMP_SYS(fork),
+		SCMP_SYS(rt_sigaction),
+		SCMP_SYS(rt_sigprocmask),
+		SCMP_SYS(unshare),
+		SCMP_SYS(vfork),
+		SCMP_SYS(wait4),
+		SCMP_SYS(waitid),
+		SCMP_SYS(waitpid),
+	};
+
+	/* TODO: Handle debug and KILL vs TRAP. */
+
+	scmp_filter_ctx ctx = seccomp_init(SCMP_ACT_KILL);
+	if (!ctx)
+		err(1, "seccomp_init failed");
+
+	printf("/* AUTO GENERATED; see seccomp-bpf.c for details. */\n");
+	printf("#undef SECCOMP_BPF_AVAILABLE\n");
+
+	if (seccomp_arch_remove(ctx, seccomp_arch_native()) < 0)
+		err(1, "seccomp_arch_remove failed");
+
+	for (size_t i = 0; i < ARRAY_SIZE(gen_seccomp_arches); ++i) {
+		uint32_t arch = gen_seccomp_arches[i].arch;
+
+		seccomp_reset(ctx, SCMP_ACT_KILL);
+
+		if (arch != seccomp_arch_native()) {
+			if (seccomp_arch_remove(ctx, seccomp_arch_native()) < 0)
+				err(1, "seccomp_arch_remove failed");
+			if (seccomp_arch_add(ctx, arch) < 0)
+				err(1, "seccomp_arch_add failed");
+		}
+
+		printf("\n#if %s\n", gen_seccomp_arches[i].ifdef);
+		printf("/* %s */\n", gen_seccomp_arches[i].name);
+		printf("#define SECCOMP_BPF_AVAILABLE\n");
+
+		if (gen_seccomp_rules_add(ctx, base_syscalls) < 0)
+			err(1, "seccomp_rules_add failed");
+		gen_seccomp_dump(ctx, "base");
+
+		if (gen_seccomp_rules_add(ctx, fork_syscalls) < 0)
+			err(1, "seccomp_rules_add failed");
+		gen_seccomp_dump(ctx, "fork");
+
+		if (0) {
+			printf("/*\n");
+			fflush(stdout);
+			seccomp_export_pfc(ctx, 1);
+			fflush(stdout);
+			printf("*/\n");
+		}
+
+		printf("#endif\n");
+	}
+
+	printf(
+		"\n"
+		"#ifdef SECCOMP_BPF_AVAILABLE\n"
+		"typedef struct {\n"
+		"	uint16_t cnt;\n"
+		"	const void *bpf;\n"
+		"} seccomp_bpf_program_t;\n");
+	gen_seccomp_program("base");
+	gen_seccomp_program("fork");
+	printf("#endif\n");
+
+	seccomp_release(ctx);
+
+	return 0;
+}

diff --git a/seccomp-bpf.h b/seccomp-bpf.h
new file mode 100644
index 0000000..dfb7716
--- /dev/null
+++ b/seccomp-bpf.h
@@ -0,0 +1,226 @@
+/* AUTO GENERATED; see seccomp-bpf.c for details. */
+#undef SECCOMP_BPF_AVAILABLE
+
+#if defined(__aarch64__)
+/* AARCH64 */
+#define SECCOMP_BPF_AVAILABLE
+static const unsigned char seccomp_bpf_blks_base[] = {
+	32,0,0,0,4,0,0,0,21,0,0,33,183,0,0,192,32,0,0,0,0,0,0,0,21,0,30,0,192,0,0,0,21,0,29,0,193,0,0,0,21,0,28,0,190,0,0,0,21,0,27,0,189,0,0,0,21,0,26,0,188,0,0,0,21,0,25,0,186,0,0,0,21,0,24,0,226,0,0,0,21,0,23,0,62,0,0,0,21,0,22,0,29,0,0,0,21,0,21,0,178,0,0,0,21,0,20,0,172,0,0,0,21,0,19,0,50,0,0,0,21,0,18,0,183,1,0,0,21,0,17,0,48,0,0,0,21,0,16,0,94,0,0,0,21,0,15,0,93,0,0,0,21,0,14,0,49,0,0,0,21,0,13,0,90,0,0,0,21,0,12,0,214,0,0,0,21,0,11,0,25,0,0,0,21,0,10,0,63,0,0,0,21,0,9,0,67,0,0,0,21,0,8,0,61,0,0,0,21,0,7,0,215,0,0,0,21,0,6,0,222,0,0,0,21,0,5,0,56,0,0,0,21,0,4,0,57,0,0,0,21,0,3,0,35,1,0,0,21,0,2,0,80,0,0,0,21,0,1,0,79,0,0,0,21,0,0,1,64,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+};
+static const unsigned char seccomp_bpf_blks_fork[] = {
+	32,0,0,0,4,0,0,0,21,0,0,40,183,0,0,192,32,0,0,0,0,0,0,0,21,0,37,0,95,0,0,0,21,0,36,0,4,1,0,0,21,0,35,0,97,0,0,0,21,0,34,0,135,0,0,0,21,0,33,0,134,0,0,0,21,0,32,0,221,0,0,0,21,0,31,0,220,0,0,0,21,0,30,0,192,0,0,0,21,0,29,0,193,0,0,0,21,0,28,0,190,0,0,0,21,0,27,0,189,0,0,0,21,0,26,0,188,0,0,0,21,0,25,0,186,0,0,0,21,0,24,0,226,0,0,0,21,0,23,0,62,0,0,0,21,0,22,0,29,0,0,0,21,0,21,0,178,0,0,0,21,0,20,0,172,0,0,0,21,0,19,0,50,0,0,0,21,0,18,0,183,1,0,0,21,0,17,0,48,0,0,0,21,0,16,0,94,0,0,0,21,0,15,0,93,0,0,0,21,0,14,0,49,0,0,0,21,0,13,0,90,0,0,0,21,0,12,0,214,0,0,0,21,0,11,0,25,0,0,0,21,0,10,0,63,0,0,0,21,0,9,0,67,0,0,0,21,0,8,0,61,0,0,0,21,0,7,0,215,0,0,0,21,0,6,0,222,0,0,0,21,0,5,0,56,0,0,0,21,0,4,0,57,0,0,0,21,0,3,0,35,1,0,0,21,0,2,0,80,0,0,0,21,0,1,0,79,0,0,0,21,0,0,1,64,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+};
+#endif
+
+#if defined(__arm__)
+/* ARM */
+#define SECCOMP_BPF_AVAILABLE
+static const unsigned char seccomp_bpf_blks_base[] = {
+	32,0,0,0,4,0,0,0,21,0,0,44,40,0,0,64,32,0,0,0,0,0,0,0,21,0,41,0,56,1,0,0,21,0,40,0,42,1,0,0,21,0,39,0,43,1,0,0,21,0,38,0,45,1,0,0,21,0,37,0,46,1,0,0,21,0,36,0,47,1,0,0,21,0,35,0,85,0,0,0,21,0,34,0,125,0,0,0,21,0,33,0,140,0,0,0,21,0,32,0,19,0,0,0,21,0,31,0,54,0,0,0,21,0,30,0,224,0,0,0,21,0,29,0,20,0,0,0,21,0,28,0,133,0,0,0,21,0,27,0,183,1,0,0,21,0,26,0,78,1,0,0,21,0,25,0,248,0,0,0,21,0,24,0,1,0,0,0,21,0,23,0,12,0,0,0,21,0,22,0,184,0,0,0,21,0,21,0,45,0,0,0,21,0,20,0,33,0,0,0,21,0,19,0,221,0,0,0,21,0,18,0,55,0,0,0,21,0,17,0,3,0,0,0,21,0,16,0,180,0,0,0,21,0,15,0,217,0,0,0,21,0,14,0,141,0,0,0,21,0,13,0,91,0,0,0,21,0,12,0,192,0,0,0,21,0,11,0,66,1,0,0,21,0,10,0,5,0,0,0,21,0,9,0,6,0,0,0,21,0,8,0,141,1,0,0,21,0,7,0,195,0,0,0,21,0,6,0,106,0,0,0,21,0,5,0,196,0,0,0,21,0,4,0,107,0,0,0,21,0,3,0,71,1,0,0,21,0,2,0,197,0,0,0,21,0,1,0,108,0,0,0,21,0,0,1,4,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+};
+static const unsigned char seccomp_bpf_blks_fork[] = {
+	32,0,0,0,4,0,0,0,21,0,0,53,40,0,0,64,32,0,0,0,0,0,0,0,21,0,50,0,24,1,0,0,21,0,49,0,114,0,0,0,21,0,48,0,190,0,0,0,21,0,47,0,81,1,0,0,21,0,46,0,175,0,0,0,21,0,45,0,174,0,0,0,21,0,44,0,2,0,0,0,21,0,43,0,11,0,0,0,21,0,42,0,120,0,0,0,21,0,41,0,56,1,0,0,21,0,40,0,42,1,0,0,21,0,39,0,43,1,0,0,21,0,38,0,45,1,0,0,21,0,37,0,46,1,0,0,21,0,36,0,47,1,0,0,21,0,35,0,85,0,0,0,21,0,34,0,125,0,0,0,21,0,33,0,140,0,0,0,21,0,32,0,19,0,0,0,21,0,31,0,54,0,0,0,21,0,30,0,224,0,0,0,21,0,29,0,20,0,0,0,21,0,28,0,133,0,0,0,21,0,27,0,183,1,0,0,21,0,26,0,78,1,0,0,21,0,25,0,248,0,0,0,21,0,24,0,1,0,0,0,21,0,23,0,12,0,0,0,21,0,22,0,184,0,0,0,21,0,21,0,45,0,0,0,21,0,20,0,33,0,0,0,21,0,19,0,221,0,0,0,21,0,18,0,55,0,0,0,21,0,17,0,3,0,0,0,21,0,16,0,180,0,0,0,21,0,15,0,217,0,0,0,21,0,14,0,141,0,0,0,21,0,13,0,91,0,0,0,21,0,12,0,192,0,0,0,21,0,11,0,66,1,0,0,21,0,10,0,5,0,0,0,21,0,9,0,6,0,0,0,21,0,8,0,141,1,0,0,21,0,7,0,195,0,0,0,21,0,6,0,106,0,0,0,21,0,5,0,196,0,0,0,21,0,4,0,107,0,0,0,21,0,3,0,71,1,0,0,21,0,2,0,197,0,0,0,2
 1,0,1,0,108,0,0,0,21,0,0,1,4,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+};
+#endif
+
+#if defined(__mips__) && defined(__MIPSEB__) && defined(_ABIO32)
+/* MIPS */
+#define SECCOMP_BPF_AVAILABLE
+static const unsigned char seccomp_bpf_blks_base[] = {
+	0,32,0,0,0,0,0,4,0,21,0,44,0,0,0,8,0,32,0,0,0,0,0,0,0,21,41,0,0,0,16,21,0,21,40,0,0,0,17,41,0,21,39,0,0,0,17,48,0,21,38,0,0,0,17,49,0,21,37,0,0,0,17,47,0,21,36,0,0,0,15,245,0,21,35,0,0,0,16,29,0,21,34,0,0,0,16,44,0,21,33,0,0,0,15,179,0,21,32,0,0,0,15,214,0,21,31,0,0,0,16,126,0,21,30,0,0,0,15,180,0,21,29,0,0,0,16,37,0,21,28,0,0,0,17,87,0,21,27,0,0,0,16,204,0,21,26,0,0,0,16,150,0,21,25,0,0,0,15,161,0,21,24,0,0,0,15,172,0,21,23,0,0,0,16,108,0,21,22,0,0,0,15,205,0,21,21,0,0,0,15,193,0,21,20,0,0,0,16,124,0,21,19,0,0,0,15,215,0,21,18,0,0,0,15,163,0,21,17,0,0,0,16,104,0,21,16,0,0,0,16,123,0,21,15,0,0,0,16,45,0,21,14,0,0,0,15,251,0,21,13,0,0,0,16,114,0,21,12,0,0,0,15,250,0,21,11,0,0,0,16,192,0,21,10,0,0,0,15,165,0,21,9,0,0,0,15,166,0,21,8,0,0,0,17,14,0,21,7,0,0,0,16,117,0,21,6,0,0,0,16,10,0,21,5,0,0,0,16,118,0,21,4,0,0,0,16,11,0,21,3,0,0,0,16,197,0,21,2,0,0,0,16,119,0,21,1,0,0,0,16,12,0,21,0,1,0,0,15,164,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+};
+static const unsigned char seccomp_bpf_blks_fork[] = {
+	0,32,0,0,0,0,0,4,0,21,0,53,0,0,0,8,0,32,0,0,0,0,0,0,0,21,50,0,0,0,15,167,0,21,49,0,0,0,16,182,0,21,48,0,0,0,16,18,0,21,47,0,0,0,16,207,0,21,46,0,0,0,16,99,0,21,45,0,0,0,16,98,0,21,44,0,0,0,15,162,0,21,43,0,0,0,15,171,0,21,42,0,0,0,16,24,0,21,41,0,0,0,16,21,0,21,40,0,0,0,17,41,0,21,39,0,0,0,17,48,0,21,38,0,0,0,17,49,0,21,37,0,0,0,17,47,0,21,36,0,0,0,15,245,0,21,35,0,0,0,16,29,0,21,34,0,0,0,16,44,0,21,33,0,0,0,15,179,0,21,32,0,0,0,15,214,0,21,31,0,0,0,16,126,0,21,30,0,0,0,15,180,0,21,29,0,0,0,16,37,0,21,28,0,0,0,17,87,0,21,27,0,0,0,16,204,0,21,26,0,0,0,16,150,0,21,25,0,0,0,15,161,0,21,24,0,0,0,15,172,0,21,23,0,0,0,16,108,0,21,22,0,0,0,15,205,0,21,21,0,0,0,15,193,0,21,20,0,0,0,16,124,0,21,19,0,0,0,15,215,0,21,18,0,0,0,15,163,0,21,17,0,0,0,16,104,0,21,16,0,0,0,16,123,0,21,15,0,0,0,16,45,0,21,14,0,0,0,15,251,0,21,13,0,0,0,16,114,0,21,12,0,0,0,15,250,0,21,11,0,0,0,16,192,0,21,10,0,0,0,15,165,0,21,9,0,0,0,15,166,0,21,8,0,0,0,17,14,0,21,7,0,0,0,16,117,0,21,6,0,0,0,16,10,0,21,5,0,0,0,16,118
 ,0,21,4,0,0,0,16,11,0,21,3,0,0,0,16,197,0,21,2,0,0,0,16,119,0,21,1,0,0,0,16,12,0,21,0,1,0,0,15,164,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+};
+#endif
+
+#if defined(__mips__) && defined(__MIPSEB__) && defined(_ABI64)
+/* MIPS64 */
+#define SECCOMP_BPF_AVAILABLE
+static const unsigned char seccomp_bpf_blks_base[] = {
+	0,32,0,0,0,0,0,4,0,21,0,39,128,0,0,8,0,32,0,0,0,0,0,0,0,21,36,0,0,0,20,94,0,21,35,0,0,0,19,199,0,21,34,0,0,0,19,198,0,21,33,0,0,0,19,203,0,21,32,0,0,0,19,204,0,21,31,0,0,0,19,202,0,21,30,0,0,0,19,223,0,21,29,0,0,0,19,146,0,21,28,0,0,0,19,144,0,21,27,0,0,0,19,151,0,21,26,0,0,0,20,58,0,21,25,0,0,0,19,174,0,21,24,0,0,0,19,215,0,21,23,0,0,0,21,63,0,21,22,0,0,0,20,139,0,21,21,0,0,0,20,85,0,21,20,0,0,0,19,194,0,21,19,0,0,0,19,214,0,21,18,0,0,0,20,3,0,21,17,0,0,0,19,148,0,21,16,0,0,0,19,156,0,21,15,0,0,0,19,206,0,21,14,0,0,0,19,136,0,21,13,0,0,0,19,152,0,21,12,0,0,0,20,188,0,21,11,0,0,0,19,212,0,21,10,0,0,0,19,147,0,21,9,0,0,0,19,145,0,21,8,0,0,0,20,127,0,21,7,0,0,0,19,138,0,21,6,0,0,0,19,139,0,21,5,0,0,0,20,206,0,21,4,0,0,0,19,140,0,21,3,0,0,0,19,142,0,21,2,0,0,0,19,141,0,21,1,0,0,0,20,132,0,21,0,1,0,0,19,137,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+};
+static const unsigned char seccomp_bpf_blks_fork[] = {
+	0,32,0,0,0,0,0,4,0,21,0,47,128,0,0,8,0,32,0,0,0,0,0,0,0,21,44,0,0,0,20,117,0,21,43,0,0,0,19,195,0,21,42,0,0,0,20,142,0,21,41,0,0,0,19,150,0,21,40,0,0,0,19,149,0,21,39,0,0,0,19,192,0,21,38,0,0,0,19,193,0,21,37,0,0,0,19,191,0,21,36,0,0,0,20,94,0,21,35,0,0,0,19,199,0,21,34,0,0,0,19,198,0,21,33,0,0,0,19,203,0,21,32,0,0,0,19,204,0,21,31,0,0,0,19,202,0,21,30,0,0,0,19,223,0,21,29,0,0,0,19,146,0,21,28,0,0,0,19,144,0,21,27,0,0,0,19,151,0,21,26,0,0,0,20,58,0,21,25,0,0,0,19,174,0,21,24,0,0,0,19,215,0,21,23,0,0,0,21,63,0,21,22,0,0,0,20,139,0,21,21,0,0,0,20,85,0,21,20,0,0,0,19,194,0,21,19,0,0,0,19,214,0,21,18,0,0,0,20,3,0,21,17,0,0,0,19,148,0,21,16,0,0,0,19,156,0,21,15,0,0,0,19,206,0,21,14,0,0,0,19,136,0,21,13,0,0,0,19,152,0,21,12,0,0,0,20,188,0,21,11,0,0,0,19,212,0,21,10,0,0,0,19,147,0,21,9,0,0,0,19,145,0,21,8,0,0,0,20,127,0,21,7,0,0,0,19,138,0,21,6,0,0,0,19,139,0,21,5,0,0,0,20,206,0,21,4,0,0,0,19,140,0,21,3,0,0,0,19,142,0,21,2,0,0,0,19,141,0,21,1,0,0,0,20,132,0,21,0,1,0,0,19,137,0,6,0,0,127,2
 55,0,0,0,6,0,0,0,0,0,0,
+};
+#endif
+
+#if defined(__mips__) && defined(__MIPSEB__) && defined(_ABIN32)
+/* MIPS64N32 */
+#define SECCOMP_BPF_AVAILABLE
+static const unsigned char seccomp_bpf_blks_base[] = {
+	0,32,0,0,0,0,0,4,0,21,0,40,160,0,0,8,0,32,0,0,0,0,0,0,0,21,37,0,0,0,23,120,0,21,36,0,0,0,23,127,0,21,35,0,0,0,24,34,0,21,34,0,0,0,23,150,0,21,33,0,0,0,23,191,0,21,32,0,0,0,25,39,0,21,31,0,0,0,24,119,0,21,30,0,0,0,24,61,0,21,29,0,0,0,23,170,0,21,28,0,0,0,23,190,0,21,27,0,0,0,23,235,0,21,26,0,0,0,23,124,0,21,25,0,0,0,23,132,0,21,24,0,0,0,24,68,0,21,23,0,0,0,23,182,0,21,22,0,0,0,23,112,0,21,21,0,0,0,23,128,0,21,20,0,0,0,24,155,0,21,19,0,0,0,23,188,0,21,18,0,0,0,23,123,0,21,17,0,0,0,23,121,0,21,16,0,0,0,24,107,0,21,15,0,0,0,23,114,0,21,14,0,0,0,23,115,0,21,13,0,0,0,24,186,0,21,12,0,0,0,23,116,0,21,11,0,0,0,23,118,0,21,10,0,0,0,23,117,0,21,9,0,0,0,24,112,0,21,8,0,0,0,23,113,0,21,7,0,0,0,24,71,0,21,6,0,0,0,23,175,0,21,5,0,0,0,23,174,0,21,4,0,0,0,23,179,0,21,3,0,0,0,23,180,0,21,2,0,0,0,23,178,0,21,1,0,0,0,23,199,0,21,0,1,0,0,23,122,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+};
+static const unsigned char seccomp_bpf_blks_fork[] = {
+	0,32,0,0,0,0,0,4,0,21,0,48,160,0,0,8,0,32,0,0,0,0,0,0,0,21,45,0,0,0,23,120,0,21,44,0,0,0,23,127,0,21,43,0,0,0,24,34,0,21,42,0,0,0,23,150,0,21,41,0,0,0,23,191,0,21,40,0,0,0,25,39,0,21,39,0,0,0,24,119,0,21,38,0,0,0,24,61,0,21,37,0,0,0,23,170,0,21,36,0,0,0,23,190,0,21,35,0,0,0,23,235,0,21,34,0,0,0,23,124,0,21,33,0,0,0,23,132,0,21,32,0,0,0,24,68,0,21,31,0,0,0,23,182,0,21,30,0,0,0,23,112,0,21,29,0,0,0,23,128,0,21,28,0,0,0,24,155,0,21,27,0,0,0,23,188,0,21,26,0,0,0,23,123,0,21,25,0,0,0,23,121,0,21,24,0,0,0,24,107,0,21,23,0,0,0,23,114,0,21,22,0,0,0,23,115,0,21,21,0,0,0,24,186,0,21,20,0,0,0,23,116,0,21,19,0,0,0,23,118,0,21,18,0,0,0,23,117,0,21,17,0,0,0,24,112,0,21,16,0,0,0,23,113,0,21,15,0,0,0,24,97,0,21,14,0,0,0,23,171,0,21,13,0,0,0,24,122,0,21,12,0,0,0,23,126,0,21,11,0,0,0,23,125,0,21,10,0,0,0,23,168,0,21,9,0,0,0,23,169,0,21,8,0,0,0,23,167,0,21,7,0,0,0,24,71,0,21,6,0,0,0,23,175,0,21,5,0,0,0,23,174,0,21,4,0,0,0,23,179,0,21,3,0,0,0,23,180,0,21,2,0,0,0,23,178,0,21,1,0,0,0,23,199,0,21,0,1,0,0
 ,23,122,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+};
+#endif
+
+#if defined(__mips__) && defined(__MIPSEL__) && defined(_ABIO32)
+/* MIPSEL */
+#define SECCOMP_BPF_AVAILABLE
+static const unsigned char seccomp_bpf_blks_base[] = {
+	32,0,0,0,4,0,0,0,21,0,0,44,8,0,0,64,32,0,0,0,0,0,0,0,21,0,41,0,21,16,0,0,21,0,40,0,41,17,0,0,21,0,39,0,48,17,0,0,21,0,38,0,49,17,0,0,21,0,37,0,47,17,0,0,21,0,36,0,245,15,0,0,21,0,35,0,29,16,0,0,21,0,34,0,44,16,0,0,21,0,33,0,179,15,0,0,21,0,32,0,214,15,0,0,21,0,31,0,126,16,0,0,21,0,30,0,180,15,0,0,21,0,29,0,37,16,0,0,21,0,28,0,87,17,0,0,21,0,27,0,204,16,0,0,21,0,26,0,150,16,0,0,21,0,25,0,161,15,0,0,21,0,24,0,172,15,0,0,21,0,23,0,108,16,0,0,21,0,22,0,205,15,0,0,21,0,21,0,193,15,0,0,21,0,20,0,124,16,0,0,21,0,19,0,215,15,0,0,21,0,18,0,163,15,0,0,21,0,17,0,104,16,0,0,21,0,16,0,123,16,0,0,21,0,15,0,45,16,0,0,21,0,14,0,251,15,0,0,21,0,13,0,114,16,0,0,21,0,12,0,250,15,0,0,21,0,11,0,192,16,0,0,21,0,10,0,165,15,0,0,21,0,9,0,166,15,0,0,21,0,8,0,14,17,0,0,21,0,7,0,117,16,0,0,21,0,6,0,10,16,0,0,21,0,5,0,118,16,0,0,21,0,4,0,11,16,0,0,21,0,3,0,197,16,0,0,21,0,2,0,119,16,0,0,21,0,1,0,12,16,0,0,21,0,0,1,164,15,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+};
+static const unsigned char seccomp_bpf_blks_fork[] = {
+	32,0,0,0,4,0,0,0,21,0,0,53,8,0,0,64,32,0,0,0,0,0,0,0,21,0,50,0,167,15,0,0,21,0,49,0,182,16,0,0,21,0,48,0,18,16,0,0,21,0,47,0,207,16,0,0,21,0,46,0,99,16,0,0,21,0,45,0,98,16,0,0,21,0,44,0,162,15,0,0,21,0,43,0,171,15,0,0,21,0,42,0,24,16,0,0,21,0,41,0,21,16,0,0,21,0,40,0,41,17,0,0,21,0,39,0,48,17,0,0,21,0,38,0,49,17,0,0,21,0,37,0,47,17,0,0,21,0,36,0,245,15,0,0,21,0,35,0,29,16,0,0,21,0,34,0,44,16,0,0,21,0,33,0,179,15,0,0,21,0,32,0,214,15,0,0,21,0,31,0,126,16,0,0,21,0,30,0,180,15,0,0,21,0,29,0,37,16,0,0,21,0,28,0,87,17,0,0,21,0,27,0,204,16,0,0,21,0,26,0,150,16,0,0,21,0,25,0,161,15,0,0,21,0,24,0,172,15,0,0,21,0,23,0,108,16,0,0,21,0,22,0,205,15,0,0,21,0,21,0,193,15,0,0,21,0,20,0,124,16,0,0,21,0,19,0,215,15,0,0,21,0,18,0,163,15,0,0,21,0,17,0,104,16,0,0,21,0,16,0,123,16,0,0,21,0,15,0,45,16,0,0,21,0,14,0,251,15,0,0,21,0,13,0,114,16,0,0,21,0,12,0,250,15,0,0,21,0,11,0,192,16,0,0,21,0,10,0,165,15,0,0,21,0,9,0,166,15,0,0,21,0,8,0,14,17,0,0,21,0,7,0,117,16,0,0,21,0,6,0,10,16,0,0,21,0,5,0,118,16,0,
 0,21,0,4,0,11,16,0,0,21,0,3,0,197,16,0,0,21,0,2,0,119,16,0,0,21,0,1,0,12,16,0,0,21,0,0,1,164,15,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+};
+#endif
+
+#if defined(__mips__) && defined(__MIPSEL__) && defined(_ABI64)
+/* MIPSEL64 */
+#define SECCOMP_BPF_AVAILABLE
+static const unsigned char seccomp_bpf_blks_base[] = {
+	32,0,0,0,4,0,0,0,21,0,0,39,8,0,0,192,32,0,0,0,0,0,0,0,21,0,36,0,94,20,0,0,21,0,35,0,199,19,0,0,21,0,34,0,198,19,0,0,21,0,33,0,203,19,0,0,21,0,32,0,204,19,0,0,21,0,31,0,202,19,0,0,21,0,30,0,223,19,0,0,21,0,29,0,146,19,0,0,21,0,28,0,144,19,0,0,21,0,27,0,151,19,0,0,21,0,26,0,58,20,0,0,21,0,25,0,174,19,0,0,21,0,24,0,215,19,0,0,21,0,23,0,63,21,0,0,21,0,22,0,139,20,0,0,21,0,21,0,85,20,0,0,21,0,20,0,194,19,0,0,21,0,19,0,214,19,0,0,21,0,18,0,3,20,0,0,21,0,17,0,148,19,0,0,21,0,16,0,156,19,0,0,21,0,15,0,206,19,0,0,21,0,14,0,136,19,0,0,21,0,13,0,152,19,0,0,21,0,12,0,188,20,0,0,21,0,11,0,212,19,0,0,21,0,10,0,147,19,0,0,21,0,9,0,145,19,0,0,21,0,8,0,127,20,0,0,21,0,7,0,138,19,0,0,21,0,6,0,139,19,0,0,21,0,5,0,206,20,0,0,21,0,4,0,140,19,0,0,21,0,3,0,142,19,0,0,21,0,2,0,141,19,0,0,21,0,1,0,132,20,0,0,21,0,0,1,137,19,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+};
+static const unsigned char seccomp_bpf_blks_fork[] = {
+	32,0,0,0,4,0,0,0,21,0,0,47,8,0,0,192,32,0,0,0,0,0,0,0,21,0,44,0,117,20,0,0,21,0,43,0,195,19,0,0,21,0,42,0,142,20,0,0,21,0,41,0,150,19,0,0,21,0,40,0,149,19,0,0,21,0,39,0,192,19,0,0,21,0,38,0,193,19,0,0,21,0,37,0,191,19,0,0,21,0,36,0,94,20,0,0,21,0,35,0,199,19,0,0,21,0,34,0,198,19,0,0,21,0,33,0,203,19,0,0,21,0,32,0,204,19,0,0,21,0,31,0,202,19,0,0,21,0,30,0,223,19,0,0,21,0,29,0,146,19,0,0,21,0,28,0,144,19,0,0,21,0,27,0,151,19,0,0,21,0,26,0,58,20,0,0,21,0,25,0,174,19,0,0,21,0,24,0,215,19,0,0,21,0,23,0,63,21,0,0,21,0,22,0,139,20,0,0,21,0,21,0,85,20,0,0,21,0,20,0,194,19,0,0,21,0,19,0,214,19,0,0,21,0,18,0,3,20,0,0,21,0,17,0,148,19,0,0,21,0,16,0,156,19,0,0,21,0,15,0,206,19,0,0,21,0,14,0,136,19,0,0,21,0,13,0,152,19,0,0,21,0,12,0,188,20,0,0,21,0,11,0,212,19,0,0,21,0,10,0,147,19,0,0,21,0,9,0,145,19,0,0,21,0,8,0,127,20,0,0,21,0,7,0,138,19,0,0,21,0,6,0,139,19,0,0,21,0,5,0,206,20,0,0,21,0,4,0,140,19,0,0,21,0,3,0,142,19,0,0,21,0,2,0,141,19,0,0,21,0,1,0,132,20,0,0,21,0,0,1,137,19,0,0,6,0,0,0,0,0,2
 55,127,6,0,0,0,0,0,0,0,
+};
+#endif
+
+#if defined(__mips__) && defined(__MIPSEL__) && defined(_ABIN32)
+/* MIPSEL64N32 */
+#define SECCOMP_BPF_AVAILABLE
+static const unsigned char seccomp_bpf_blks_base[] = {
+	32,0,0,0,4,0,0,0,21,0,0,40,8,0,0,224,32,0,0,0,0,0,0,0,21,0,37,0,71,24,0,0,21,0,36,0,175,23,0,0,21,0,35,0,174,23,0,0,21,0,34,0,179,23,0,0,21,0,33,0,180,23,0,0,21,0,32,0,178,23,0,0,21,0,31,0,199,23,0,0,21,0,30,0,122,23,0,0,21,0,29,0,120,23,0,0,21,0,28,0,127,23,0,0,21,0,27,0,34,24,0,0,21,0,26,0,150,23,0,0,21,0,25,0,191,23,0,0,21,0,24,0,39,25,0,0,21,0,23,0,119,24,0,0,21,0,22,0,61,24,0,0,21,0,21,0,170,23,0,0,21,0,20,0,190,23,0,0,21,0,19,0,235,23,0,0,21,0,18,0,124,23,0,0,21,0,17,0,132,23,0,0,21,0,16,0,68,24,0,0,21,0,15,0,182,23,0,0,21,0,14,0,112,23,0,0,21,0,13,0,128,23,0,0,21,0,12,0,155,24,0,0,21,0,11,0,188,23,0,0,21,0,10,0,123,23,0,0,21,0,9,0,121,23,0,0,21,0,8,0,107,24,0,0,21,0,7,0,114,23,0,0,21,0,6,0,115,23,0,0,21,0,5,0,186,24,0,0,21,0,4,0,116,23,0,0,21,0,3,0,118,23,0,0,21,0,2,0,117,23,0,0,21,0,1,0,112,24,0,0,21,0,0,1,113,23,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+};
+static const unsigned char seccomp_bpf_blks_fork[] = {
+	32,0,0,0,4,0,0,0,21,0,0,48,8,0,0,224,32,0,0,0,0,0,0,0,21,0,45,0,97,24,0,0,21,0,44,0,171,23,0,0,21,0,43,0,122,24,0,0,21,0,42,0,126,23,0,0,21,0,41,0,125,23,0,0,21,0,40,0,168,23,0,0,21,0,39,0,169,23,0,0,21,0,38,0,167,23,0,0,21,0,37,0,71,24,0,0,21,0,36,0,175,23,0,0,21,0,35,0,174,23,0,0,21,0,34,0,179,23,0,0,21,0,33,0,180,23,0,0,21,0,32,0,178,23,0,0,21,0,31,0,199,23,0,0,21,0,30,0,122,23,0,0,21,0,29,0,120,23,0,0,21,0,28,0,127,23,0,0,21,0,27,0,34,24,0,0,21,0,26,0,150,23,0,0,21,0,25,0,191,23,0,0,21,0,24,0,39,25,0,0,21,0,23,0,119,24,0,0,21,0,22,0,61,24,0,0,21,0,21,0,170,23,0,0,21,0,20,0,190,23,0,0,21,0,19,0,235,23,0,0,21,0,18,0,124,23,0,0,21,0,17,0,132,23,0,0,21,0,16,0,68,24,0,0,21,0,15,0,182,23,0,0,21,0,14,0,112,23,0,0,21,0,13,0,128,23,0,0,21,0,12,0,155,24,0,0,21,0,11,0,188,23,0,0,21,0,10,0,123,23,0,0,21,0,9,0,121,23,0,0,21,0,8,0,107,24,0,0,21,0,7,0,114,23,0,0,21,0,6,0,115,23,0,0,21,0,5,0,186,24,0,0,21,0,4,0,116,23,0,0,21,0,3,0,118,23,0,0,21,0,2,0,117,23,0,0,21,0,1,0,112,24,0,0,21,0,0,1,113
 ,23,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+};
+#endif
+
+#if defined(__hppa__) && !defined(__hppa64__)
+/* PARISC */
+#define SECCOMP_BPF_AVAILABLE
+static const unsigned char seccomp_bpf_blks_base[] = {
+	0,32,0,0,0,0,0,4,0,21,0,45,0,0,0,15,0,32,0,0,0,0,0,0,0,21,42,0,0,0,0,228,0,21,41,0,0,0,0,185,0,21,40,0,0,0,0,186,0,21,39,0,0,0,0,188,0,21,38,0,0,0,0,189,0,21,37,0,0,0,0,190,0,21,36,0,0,0,0,85,0,21,35,0,0,0,0,125,0,21,34,0,0,0,0,140,0,21,33,0,0,0,0,19,0,21,32,0,0,0,0,54,0,21,31,0,0,0,0,206,0,21,30,0,0,0,0,20,0,21,29,0,0,0,0,133,0,21,28,0,0,0,1,183,0,21,27,0,0,0,1,31,0,21,26,0,0,0,0,222,0,21,25,0,0,0,0,1,0,21,24,0,0,0,0,12,0,21,23,0,0,0,0,106,0,21,22,0,0,0,0,45,0,21,21,0,0,0,0,33,0,21,20,0,0,0,0,202,0,21,19,0,0,0,0,55,0,21,18,0,0,0,0,3,0,21,17,0,0,0,0,108,0,21,16,0,0,0,0,201,0,21,15,0,0,0,0,141,0,21,14,0,0,0,0,91,0,21,13,0,0,0,0,89,0,21,12,0,0,0,0,90,0,21,11,0,0,0,1,19,0,21,10,0,0,0,0,5,0,21,9,0,0,0,0,6,0,21,8,0,0,0,1,93,0,21,7,0,0,0,0,101,0,21,6,0,0,0,0,18,0,21,5,0,0,0,0,198,0,21,4,0,0,0,0,84,0,21,3,0,0,0,1,24,0,21,2,0,0,0,0,112,0,21,1,0,0,0,0,28,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+};
+static const unsigned char seccomp_bpf_blks_fork[] = {
+	0,32,0,0,0,0,0,4,0,21,0,55,0,0,0,15,0,32,0,0,0,0,0,0,0,21,52,0,0,0,0,7,0,21,51,0,0,0,0,235,0,21,50,0,0,0,0,114,0,21,49,0,0,0,0,113,0,21,48,0,0,0,1,32,0,21,47,0,0,0,0,175,0,21,46,0,0,0,0,174,0,21,45,0,0,0,0,2,0,21,44,0,0,0,0,11,0,21,43,0,0,0,0,120,0,21,42,0,0,0,0,228,0,21,41,0,0,0,0,185,0,21,40,0,0,0,0,186,0,21,39,0,0,0,0,188,0,21,38,0,0,0,0,189,0,21,37,0,0,0,0,190,0,21,36,0,0,0,0,85,0,21,35,0,0,0,0,125,0,21,34,0,0,0,0,140,0,21,33,0,0,0,0,19,0,21,32,0,0,0,0,54,0,21,31,0,0,0,0,206,0,21,30,0,0,0,0,20,0,21,29,0,0,0,0,133,0,21,28,0,0,0,1,183,0,21,27,0,0,0,1,31,0,21,26,0,0,0,0,222,0,21,25,0,0,0,0,1,0,21,24,0,0,0,0,12,0,21,23,0,0,0,0,106,0,21,22,0,0,0,0,45,0,21,21,0,0,0,0,33,0,21,20,0,0,0,0,202,0,21,19,0,0,0,0,55,0,21,18,0,0,0,0,3,0,21,17,0,0,0,0,108,0,21,16,0,0,0,0,201,0,21,15,0,0,0,0,141,0,21,14,0,0,0,0,91,0,21,13,0,0,0,0,89,0,21,12,0,0,0,0,90,0,21,11,0,0,0,1,19,0,21,10,0,0,0,0,5,0,21,9,0,0,0,0,6,0,21,8,0,0,0,1,93,0,21,7,0,0,0,0,101,0,21,6,0,0,0,0,18,0,21,5,0,0,0,0,198,0,21,4,0,0,0,0,84
 ,0,21,3,0,0,0,1,24,0,21,2,0,0,0,0,112,0,21,1,0,0,0,0,28,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+};
+#endif
+
+#if defined(__hppa__) &&  defined(__hppa64__)
+/* PARISC64 */
+#define SECCOMP_BPF_AVAILABLE
+static const unsigned char seccomp_bpf_blks_base[] = {
+	0,32,0,0,0,0,0,4,0,21,0,45,128,0,0,15,0,32,0,0,0,0,0,0,0,21,42,0,0,0,0,141,0,21,41,0,0,0,0,91,0,21,40,0,0,0,0,89,0,21,39,0,0,0,0,90,0,21,38,0,0,0,1,19,0,21,37,0,0,0,0,5,0,21,36,0,0,0,0,6,0,21,35,0,0,0,1,93,0,21,34,0,0,0,0,101,0,21,33,0,0,0,0,18,0,21,32,0,0,0,0,198,0,21,31,0,0,0,0,84,0,21,30,0,0,0,1,24,0,21,29,0,0,0,0,112,0,21,28,0,0,0,0,28,0,21,27,0,0,0,0,4,0,21,26,0,0,0,0,228,0,21,25,0,0,0,0,185,0,21,24,0,0,0,0,186,0,21,23,0,0,0,0,188,0,21,22,0,0,0,0,189,0,21,21,0,0,0,0,190,0,21,20,0,0,0,0,85,0,21,19,0,0,0,0,125,0,21,18,0,0,0,0,140,0,21,17,0,0,0,0,19,0,21,16,0,0,0,0,54,0,21,15,0,0,0,0,206,0,21,14,0,0,0,0,20,0,21,13,0,0,0,0,133,0,21,12,0,0,0,1,183,0,21,11,0,0,0,1,31,0,21,10,0,0,0,0,222,0,21,9,0,0,0,0,1,0,21,8,0,0,0,0,12,0,21,7,0,0,0,0,106,0,21,6,0,0,0,0,45,0,21,5,0,0,0,0,33,0,21,4,0,0,0,0,202,0,21,3,0,0,0,0,55,0,21,2,0,0,0,0,3,0,21,1,0,0,0,0,108,0,21,0,1,0,0,0,201,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+};
+static const unsigned char seccomp_bpf_blks_fork[] = {
+	0,32,0,0,0,0,0,4,0,21,0,55,128,0,0,15,0,32,0,0,0,0,0,0,0,21,52,0,0,0,0,141,0,21,51,0,0,0,0,91,0,21,50,0,0,0,0,89,0,21,49,0,0,0,0,90,0,21,48,0,0,0,1,19,0,21,47,0,0,0,0,5,0,21,46,0,0,0,0,6,0,21,45,0,0,0,1,93,0,21,44,0,0,0,0,101,0,21,43,0,0,0,0,18,0,21,42,0,0,0,0,198,0,21,41,0,0,0,0,84,0,21,40,0,0,0,1,24,0,21,39,0,0,0,0,112,0,21,38,0,0,0,0,28,0,21,37,0,0,0,0,4,0,21,36,0,0,0,0,7,0,21,35,0,0,0,0,235,0,21,34,0,0,0,0,114,0,21,33,0,0,0,0,113,0,21,32,0,0,0,1,32,0,21,31,0,0,0,0,175,0,21,30,0,0,0,0,174,0,21,29,0,0,0,0,2,0,21,28,0,0,0,0,11,0,21,27,0,0,0,0,120,0,21,26,0,0,0,0,228,0,21,25,0,0,0,0,185,0,21,24,0,0,0,0,186,0,21,23,0,0,0,0,188,0,21,22,0,0,0,0,189,0,21,21,0,0,0,0,190,0,21,20,0,0,0,0,85,0,21,19,0,0,0,0,125,0,21,18,0,0,0,0,140,0,21,17,0,0,0,0,19,0,21,16,0,0,0,0,54,0,21,15,0,0,0,0,206,0,21,14,0,0,0,0,20,0,21,13,0,0,0,0,133,0,21,12,0,0,0,1,183,0,21,11,0,0,0,1,31,0,21,10,0,0,0,0,222,0,21,9,0,0,0,0,1,0,21,8,0,0,0,0,12,0,21,7,0,0,0,0,106,0,21,6,0,0,0,0,45,0,21,5,0,0,0,0,33,0,21,4,0,0,0,0,20
 2,0,21,3,0,0,0,0,55,0,21,2,0,0,0,0,3,0,21,1,0,0,0,0,108,0,21,0,1,0,0,0,201,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+};
+#endif
+
+#if defined(__powerpc__) && !defined(__powerpc64__) &&  defined(__BIG_ENDIAN__)
+/* PPC */
+#define SECCOMP_BPF_AVAILABLE
+static const unsigned char seccomp_bpf_blks_base[] = {
+	0,32,0,0,0,0,0,4,0,21,0,44,0,0,0,20,0,32,0,0,0,0,0,0,0,21,41,0,0,0,0,117,0,21,40,0,0,0,1,137,0,21,39,0,0,0,1,144,0,21,38,0,0,0,1,145,0,21,37,0,0,0,1,143,0,21,36,0,0,0,0,85,0,21,35,0,0,0,0,125,0,21,34,0,0,0,0,140,0,21,33,0,0,0,0,19,0,21,32,0,0,0,0,54,0,21,31,0,0,0,0,207,0,21,30,0,0,0,0,20,0,21,29,0,0,0,0,133,0,21,28,0,0,0,1,183,0,21,27,0,0,0,1,42,0,21,26,0,0,0,0,234,0,21,25,0,0,0,0,1,0,21,24,0,0,0,0,12,0,21,23,0,0,0,0,183,0,21,22,0,0,0,0,45,0,21,21,0,0,0,0,33,0,21,20,0,0,0,0,204,0,21,19,0,0,0,0,55,0,21,18,0,0,0,0,3,0,21,17,0,0,0,0,179,0,21,16,0,0,0,0,202,0,21,15,0,0,0,0,141,0,21,14,0,0,0,0,91,0,21,13,0,0,0,0,192,0,21,12,0,0,0,0,90,0,21,11,0,0,0,1,30,0,21,10,0,0,0,0,5,0,21,9,0,0,0,0,6,0,21,8,0,0,0,1,127,0,21,7,0,0,0,0,195,0,21,6,0,0,0,0,106,0,21,5,0,0,0,0,196,0,21,4,0,0,0,0,107,0,21,3,0,0,0,1,35,0,21,2,0,0,0,0,197,0,21,1,0,0,0,0,108,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+};
+static const unsigned char seccomp_bpf_blks_fork[] = {
+	0,32,0,0,0,0,0,4,0,21,0,54,0,0,0,20,0,32,0,0,0,0,0,0,0,21,51,0,0,0,0,7,0,21,50,0,0,0,1,16,0,21,49,0,0,0,0,114,0,21,48,0,0,0,0,189,0,21,47,0,0,0,1,26,0,21,46,0,0,0,0,174,0,21,45,0,0,0,0,173,0,21,44,0,0,0,0,2,0,21,43,0,0,0,0,11,0,21,42,0,0,0,0,120,0,21,41,0,0,0,0,117,0,21,40,0,0,0,1,137,0,21,39,0,0,0,1,144,0,21,38,0,0,0,1,145,0,21,37,0,0,0,1,143,0,21,36,0,0,0,0,85,0,21,35,0,0,0,0,125,0,21,34,0,0,0,0,140,0,21,33,0,0,0,0,19,0,21,32,0,0,0,0,54,0,21,31,0,0,0,0,207,0,21,30,0,0,0,0,20,0,21,29,0,0,0,0,133,0,21,28,0,0,0,1,183,0,21,27,0,0,0,1,42,0,21,26,0,0,0,0,234,0,21,25,0,0,0,0,1,0,21,24,0,0,0,0,12,0,21,23,0,0,0,0,183,0,21,22,0,0,0,0,45,0,21,21,0,0,0,0,33,0,21,20,0,0,0,0,204,0,21,19,0,0,0,0,55,0,21,18,0,0,0,0,3,0,21,17,0,0,0,0,179,0,21,16,0,0,0,0,202,0,21,15,0,0,0,0,141,0,21,14,0,0,0,0,91,0,21,13,0,0,0,0,192,0,21,12,0,0,0,0,90,0,21,11,0,0,0,1,30,0,21,10,0,0,0,0,5,0,21,9,0,0,0,0,6,0,21,8,0,0,0,1,127,0,21,7,0,0,0,0,195,0,21,6,0,0,0,0,106,0,21,5,0,0,0,0,196,0,21,4,0,0,0,0,107,0,21,3,0,0,0,1,3
 5,0,21,2,0,0,0,0,197,0,21,1,0,0,0,0,108,0,21,0,1,0,0,0,4,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+};
+#endif
+
+#if defined(__powerpc__) &&  defined(__powerpc64__) &&  defined(__BIG_ENDIAN__)
+/* PPC64 */
+#define SECCOMP_BPF_AVAILABLE
+static const unsigned char seccomp_bpf_blks_base[] = {
+	0,32,0,0,0,0,0,4,0,21,0,40,128,0,0,21,0,32,0,0,0,0,0,0,0,21,37,0,0,0,0,117,0,21,36,0,0,0,0,85,0,21,35,0,0,0,0,125,0,21,34,0,0,0,0,140,0,21,33,0,0,0,0,19,0,21,32,0,0,0,0,54,0,21,31,0,0,0,0,207,0,21,30,0,0,0,0,20,0,21,29,0,0,0,0,133,0,21,28,0,0,0,1,183,0,21,27,0,0,0,1,42,0,21,26,0,0,0,0,234,0,21,25,0,0,0,0,1,0,21,24,0,0,0,0,12,0,21,23,0,0,0,0,183,0,21,22,0,0,0,0,45,0,21,21,0,0,0,0,33,0,21,20,0,0,0,0,55,0,21,19,0,0,0,0,3,0,21,18,0,0,0,0,179,0,21,17,0,0,0,0,202,0,21,16,0,0,0,0,141,0,21,15,0,0,0,0,91,0,21,14,0,0,0,0,90,0,21,13,0,0,0,1,30,0,21,12,0,0,0,0,5,0,21,11,0,0,0,0,6,0,21,10,0,0,0,1,127,0,21,9,0,0,0,0,106,0,21,8,0,0,0,0,107,0,21,7,0,0,0,0,108,0,21,6,0,0,0,1,35,0,21,5,0,0,0,0,4,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+};
+static const unsigned char seccomp_bpf_blks_fork[] = {
+	0,32,0,0,0,0,0,4,0,21,0,50,128,0,0,21,0,32,0,0,0,0,0,0,0,21,47,0,0,0,0,7,0,21,46,0,0,0,1,16,0,21,45,0,0,0,0,114,0,21,44,0,0,0,0,189,0,21,43,0,0,0,1,26,0,21,42,0,0,0,0,174,0,21,41,0,0,0,0,173,0,21,40,0,0,0,0,2,0,21,39,0,0,0,0,11,0,21,38,0,0,0,0,120,0,21,37,0,0,0,0,117,0,21,36,0,0,0,0,85,0,21,35,0,0,0,0,125,0,21,34,0,0,0,0,140,0,21,33,0,0,0,0,19,0,21,32,0,0,0,0,54,0,21,31,0,0,0,0,207,0,21,30,0,0,0,0,20,0,21,29,0,0,0,0,133,0,21,28,0,0,0,1,183,0,21,27,0,0,0,1,42,0,21,26,0,0,0,0,234,0,21,25,0,0,0,0,1,0,21,24,0,0,0,0,12,0,21,23,0,0,0,0,183,0,21,22,0,0,0,0,45,0,21,21,0,0,0,0,33,0,21,20,0,0,0,0,55,0,21,19,0,0,0,0,3,0,21,18,0,0,0,0,179,0,21,17,0,0,0,0,202,0,21,16,0,0,0,0,141,0,21,15,0,0,0,0,91,0,21,14,0,0,0,0,90,0,21,13,0,0,0,1,30,0,21,12,0,0,0,0,5,0,21,11,0,0,0,0,6,0,21,10,0,0,0,1,127,0,21,9,0,0,0,0,106,0,21,8,0,0,0,0,107,0,21,7,0,0,0,0,108,0,21,6,0,0,0,1,35,0,21,5,0,0,0,0,4,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0
 ,6,0,0,0,0,0,0,
+};
+#endif
+
+#if defined(__powerpc__) &&  defined(__powerpc64__) && !defined(__BIG_ENDIAN__)
+/* PPC64LE */
+#define SECCOMP_BPF_AVAILABLE
+static const unsigned char seccomp_bpf_blks_base[] = {
+	32,0,0,0,4,0,0,0,21,0,0,40,21,0,0,192,32,0,0,0,0,0,0,0,21,0,37,0,117,0,0,0,21,0,36,0,85,0,0,0,21,0,35,0,125,0,0,0,21,0,34,0,140,0,0,0,21,0,33,0,19,0,0,0,21,0,32,0,54,0,0,0,21,0,31,0,207,0,0,0,21,0,30,0,20,0,0,0,21,0,29,0,133,0,0,0,21,0,28,0,183,1,0,0,21,0,27,0,42,1,0,0,21,0,26,0,234,0,0,0,21,0,25,0,1,0,0,0,21,0,24,0,12,0,0,0,21,0,23,0,183,0,0,0,21,0,22,0,45,0,0,0,21,0,21,0,33,0,0,0,21,0,20,0,55,0,0,0,21,0,19,0,3,0,0,0,21,0,18,0,179,0,0,0,21,0,17,0,202,0,0,0,21,0,16,0,141,0,0,0,21,0,15,0,91,0,0,0,21,0,14,0,90,0,0,0,21,0,13,0,30,1,0,0,21,0,12,0,5,0,0,0,21,0,11,0,6,0,0,0,21,0,10,0,127,1,0,0,21,0,9,0,106,0,0,0,21,0,8,0,107,0,0,0,21,0,7,0,108,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,4,0,0,0,21,0,4,0,136,1,0,0,21,0,3,0,137,1,0,0,21,0,2,0,143,1,0,0,21,0,1,0,144,1,0,0,21,0,0,1,145,1,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+};
+static const unsigned char seccomp_bpf_blks_fork[] = {
+	32,0,0,0,4,0,0,0,21,0,0,50,21,0,0,192,32,0,0,0,0,0,0,0,21,0,47,0,7,0,0,0,21,0,46,0,16,1,0,0,21,0,45,0,114,0,0,0,21,0,44,0,189,0,0,0,21,0,43,0,26,1,0,0,21,0,42,0,174,0,0,0,21,0,41,0,173,0,0,0,21,0,40,0,2,0,0,0,21,0,39,0,11,0,0,0,21,0,38,0,120,0,0,0,21,0,37,0,117,0,0,0,21,0,36,0,85,0,0,0,21,0,35,0,125,0,0,0,21,0,34,0,140,0,0,0,21,0,33,0,19,0,0,0,21,0,32,0,54,0,0,0,21,0,31,0,207,0,0,0,21,0,30,0,20,0,0,0,21,0,29,0,133,0,0,0,21,0,28,0,183,1,0,0,21,0,27,0,42,1,0,0,21,0,26,0,234,0,0,0,21,0,25,0,1,0,0,0,21,0,24,0,12,0,0,0,21,0,23,0,183,0,0,0,21,0,22,0,45,0,0,0,21,0,21,0,33,0,0,0,21,0,20,0,55,0,0,0,21,0,19,0,3,0,0,0,21,0,18,0,179,0,0,0,21,0,17,0,202,0,0,0,21,0,16,0,141,0,0,0,21,0,15,0,91,0,0,0,21,0,14,0,90,0,0,0,21,0,13,0,30,1,0,0,21,0,12,0,5,0,0,0,21,0,11,0,6,0,0,0,21,0,10,0,127,1,0,0,21,0,9,0,106,0,0,0,21,0,8,0,107,0,0,0,21,0,7,0,108,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,4,0,0,0,21,0,4,0,136,1,0,0,21,0,3,0,137,1,0,0,21,0,2,0,143,1,0,0,21,0,1,0,144,1,0,0,21,0,0,1,145,1,0,0,6,0,0,0,0,0,255,127,6
 ,0,0,0,0,0,0,0,
+};
+#endif
+
+#if defined(__riscv) && __riscv_xlen == 64
+/* RISCV64 */
+#define SECCOMP_BPF_AVAILABLE
+static const unsigned char seccomp_bpf_blks_base[] = {
+	32,0,0,0,4,0,0,0,21,0,0,33,243,0,0,192,32,0,0,0,0,0,0,0,21,0,30,0,192,0,0,0,21,0,29,0,193,0,0,0,21,0,28,0,190,0,0,0,21,0,27,0,189,0,0,0,21,0,26,0,188,0,0,0,21,0,25,0,186,0,0,0,21,0,24,0,226,0,0,0,21,0,23,0,62,0,0,0,21,0,22,0,29,0,0,0,21,0,21,0,178,0,0,0,21,0,20,0,172,0,0,0,21,0,19,0,50,0,0,0,21,0,18,0,183,1,0,0,21,0,17,0,48,0,0,0,21,0,16,0,94,0,0,0,21,0,15,0,93,0,0,0,21,0,14,0,49,0,0,0,21,0,13,0,90,0,0,0,21,0,12,0,214,0,0,0,21,0,11,0,25,0,0,0,21,0,10,0,63,0,0,0,21,0,9,0,67,0,0,0,21,0,8,0,61,0,0,0,21,0,7,0,215,0,0,0,21,0,6,0,222,0,0,0,21,0,5,0,56,0,0,0,21,0,4,0,57,0,0,0,21,0,3,0,35,1,0,0,21,0,2,0,80,0,0,0,21,0,1,0,79,0,0,0,21,0,0,1,64,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+};
+static const unsigned char seccomp_bpf_blks_fork[] = {
+	32,0,0,0,4,0,0,0,21,0,0,40,243,0,0,192,32,0,0,0,0,0,0,0,21,0,37,0,4,1,0,0,21,0,36,0,97,0,0,0,21,0,35,0,135,0,0,0,21,0,34,0,134,0,0,0,21,0,33,0,221,0,0,0,21,0,32,0,220,0,0,0,21,0,31,0,192,0,0,0,21,0,30,0,193,0,0,0,21,0,29,0,190,0,0,0,21,0,28,0,189,0,0,0,21,0,27,0,188,0,0,0,21,0,26,0,186,0,0,0,21,0,25,0,226,0,0,0,21,0,24,0,62,0,0,0,21,0,23,0,29,0,0,0,21,0,22,0,178,0,0,0,21,0,21,0,172,0,0,0,21,0,20,0,50,0,0,0,21,0,19,0,183,1,0,0,21,0,18,0,48,0,0,0,21,0,17,0,94,0,0,0,21,0,16,0,93,0,0,0,21,0,15,0,49,0,0,0,21,0,14,0,90,0,0,0,21,0,13,0,214,0,0,0,21,0,12,0,25,0,0,0,21,0,11,0,63,0,0,0,21,0,10,0,67,0,0,0,21,0,9,0,61,0,0,0,21,0,8,0,215,0,0,0,21,0,7,0,222,0,0,0,21,0,6,0,56,0,0,0,21,0,5,0,57,0,0,0,21,0,4,0,35,1,0,0,21,0,3,0,80,0,0,0,21,0,2,0,79,0,0,0,21,0,1,0,64,0,0,0,21,0,0,1,95,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+};
+#endif
+
+#if defined(__s390__) && !defined(__s390x__)
+/* S390 */
+#define SECCOMP_BPF_AVAILABLE
+static const unsigned char seccomp_bpf_blks_base[] = {
+	0,32,0,0,0,0,0,4,0,21,0,45,0,0,0,22,0,32,0,0,0,0,0,0,0,21,42,0,0,0,0,117,0,21,41,0,0,0,0,85,0,21,40,0,0,0,0,125,0,21,39,0,0,0,0,140,0,21,38,0,0,0,0,19,0,21,37,0,0,0,0,54,0,21,36,0,0,0,0,236,0,21,35,0,0,0,0,20,0,21,34,0,0,0,0,133,0,21,33,0,0,0,1,183,0,21,32,0,0,0,1,44,0,21,31,0,0,0,0,248,0,21,30,0,0,0,0,1,0,21,29,0,0,0,0,12,0,21,28,0,0,0,0,184,0,21,27,0,0,0,0,45,0,21,26,0,0,0,0,33,0,21,25,0,0,0,0,221,0,21,24,0,0,0,0,55,0,21,23,0,0,0,0,3,0,21,22,0,0,0,0,180,0,21,21,0,0,0,0,220,0,21,20,0,0,0,0,141,0,21,19,0,0,0,0,91,0,21,18,0,0,0,0,192,0,21,17,0,0,0,0,90,0,21,16,0,0,0,1,32,0,21,15,0,0,0,0,5,0,21,14,0,0,0,0,6,0,21,13,0,0,0,1,123,0,21,12,0,0,0,0,195,0,21,11,0,0,0,0,106,0,21,10,0,0,0,0,196,0,21,9,0,0,0,0,107,0,21,8,0,0,0,1,37,0,21,7,0,0,0,0,197,0,21,6,0,0,0,0,108,0,21,5,0,0,0,0,4,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+};
+static const unsigned char seccomp_bpf_blks_fork[] = {
+	0,32,0,0,0,0,0,4,0,21,0,54,0,0,0,22,0,32,0,0,0,0,0,0,0,21,51,0,0,0,1,25,0,21,50,0,0,0,0,114,0,21,49,0,0,0,0,190,0,21,48,0,0,0,1,47,0,21,47,0,0,0,0,175,0,21,46,0,0,0,0,174,0,21,45,0,0,0,0,2,0,21,44,0,0,0,0,11,0,21,43,0,0,0,0,120,0,21,42,0,0,0,0,117,0,21,41,0,0,0,0,85,0,21,40,0,0,0,0,125,0,21,39,0,0,0,0,140,0,21,38,0,0,0,0,19,0,21,37,0,0,0,0,54,0,21,36,0,0,0,0,236,0,21,35,0,0,0,0,20,0,21,34,0,0,0,0,133,0,21,33,0,0,0,1,183,0,21,32,0,0,0,1,44,0,21,31,0,0,0,0,248,0,21,30,0,0,0,0,1,0,21,29,0,0,0,0,12,0,21,28,0,0,0,0,184,0,21,27,0,0,0,0,45,0,21,26,0,0,0,0,33,0,21,25,0,0,0,0,221,0,21,24,0,0,0,0,55,0,21,23,0,0,0,0,3,0,21,22,0,0,0,0,180,0,21,21,0,0,0,0,220,0,21,20,0,0,0,0,141,0,21,19,0,0,0,0,91,0,21,18,0,0,0,0,192,0,21,17,0,0,0,0,90,0,21,16,0,0,0,1,32,0,21,15,0,0,0,0,5,0,21,14,0,0,0,0,6,0,21,13,0,0,0,1,123,0,21,12,0,0,0,0,195,0,21,11,0,0,0,0,106,0,21,10,0,0,0,0,196,0,21,9,0,0,0,0,107,0,21,8,0,0,0,1,37,0,21,7,0,0,0,0,197,0,21,6,0,0,0,0,108,0,21,5,0,0,0,0,4,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,13
 7,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+};
+#endif
+
+#if defined(__s390__) &&  defined(__s390x__)
+/* S390X */
+#define SECCOMP_BPF_AVAILABLE
+static const unsigned char seccomp_bpf_blks_base[] = {
+	0,32,0,0,0,0,0,4,0,21,0,39,128,0,0,22,0,32,0,0,0,0,0,0,0,21,36,0,0,0,0,117,0,21,35,0,0,0,0,85,0,21,34,0,0,0,0,125,0,21,33,0,0,0,0,19,0,21,32,0,0,0,0,54,0,21,31,0,0,0,0,236,0,21,30,0,0,0,0,20,0,21,29,0,0,0,0,133,0,21,28,0,0,0,1,183,0,21,27,0,0,0,1,44,0,21,26,0,0,0,0,248,0,21,25,0,0,0,0,1,0,21,24,0,0,0,0,12,0,21,23,0,0,0,0,184,0,21,22,0,0,0,0,45,0,21,21,0,0,0,0,33,0,21,20,0,0,0,0,55,0,21,19,0,0,0,0,3,0,21,18,0,0,0,0,180,0,21,17,0,0,0,0,220,0,21,16,0,0,0,0,141,0,21,15,0,0,0,0,91,0,21,14,0,0,0,0,90,0,21,13,0,0,0,1,32,0,21,12,0,0,0,0,5,0,21,11,0,0,0,0,6,0,21,10,0,0,0,1,123,0,21,9,0,0,0,0,106,0,21,8,0,0,0,0,107,0,21,7,0,0,0,0,108,0,21,6,0,0,0,1,37,0,21,5,0,0,0,0,4,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+};
+static const unsigned char seccomp_bpf_blks_fork[] = {
+	0,32,0,0,0,0,0,4,0,21,0,48,128,0,0,22,0,32,0,0,0,0,0,0,0,21,45,0,0,0,1,25,0,21,44,0,0,0,0,114,0,21,43,0,0,0,0,190,0,21,42,0,0,0,1,47,0,21,41,0,0,0,0,175,0,21,40,0,0,0,0,174,0,21,39,0,0,0,0,2,0,21,38,0,0,0,0,11,0,21,37,0,0,0,0,120,0,21,36,0,0,0,0,117,0,21,35,0,0,0,0,85,0,21,34,0,0,0,0,125,0,21,33,0,0,0,0,19,0,21,32,0,0,0,0,54,0,21,31,0,0,0,0,236,0,21,30,0,0,0,0,20,0,21,29,0,0,0,0,133,0,21,28,0,0,0,1,183,0,21,27,0,0,0,1,44,0,21,26,0,0,0,0,248,0,21,25,0,0,0,0,1,0,21,24,0,0,0,0,12,0,21,23,0,0,0,0,184,0,21,22,0,0,0,0,45,0,21,21,0,0,0,0,33,0,21,20,0,0,0,0,55,0,21,19,0,0,0,0,3,0,21,18,0,0,0,0,180,0,21,17,0,0,0,0,220,0,21,16,0,0,0,0,141,0,21,15,0,0,0,0,91,0,21,14,0,0,0,0,90,0,21,13,0,0,0,1,32,0,21,12,0,0,0,0,5,0,21,11,0,0,0,0,6,0,21,10,0,0,0,1,123,0,21,9,0,0,0,0,106,0,21,8,0,0,0,0,107,0,21,7,0,0,0,0,108,0,21,6,0,0,0,1,37,0,21,5,0,0,0,0,4,0,21,4,0,0,0,1,136,0,21,3,0,0,0,1,137,0,21,2,0,0,0,1,143,0,21,1,0,0,0,1,144,0,21,0,1,0,0,1,145,0,6,0,0,127,255,0,0,0,6,0,0,0,0,0,0,
+};
+#endif
+
+#if defined(__i386__)
+/* X86 */
+#define SECCOMP_BPF_AVAILABLE
+static const unsigned char seccomp_bpf_blks_base[] = {
+	32,0,0,0,4,0,0,0,21,0,0,44,3,0,0,64,32,0,0,0,0,0,0,0,21,0,41,0,117,0,0,0,21,0,40,0,85,0,0,0,21,0,39,0,125,0,0,0,21,0,38,0,140,0,0,0,21,0,37,0,19,0,0,0,21,0,36,0,54,0,0,0,21,0,35,0,224,0,0,0,21,0,34,0,20,0,0,0,21,0,33,0,133,0,0,0,21,0,32,0,183,1,0,0,21,0,31,0,51,1,0,0,21,0,30,0,252,0,0,0,21,0,29,0,1,0,0,0,21,0,28,0,12,0,0,0,21,0,27,0,184,0,0,0,21,0,26,0,45,0,0,0,21,0,25,0,33,0,0,0,21,0,24,0,221,0,0,0,21,0,23,0,55,0,0,0,21,0,22,0,3,0,0,0,21,0,21,0,180,0,0,0,21,0,20,0,220,0,0,0,21,0,19,0,141,0,0,0,21,0,18,0,91,0,0,0,21,0,17,0,192,0,0,0,21,0,16,0,90,0,0,0,21,0,15,0,39,1,0,0,21,0,14,0,5,0,0,0,21,0,13,0,6,0,0,0,21,0,12,0,127,1,0,0,21,0,11,0,195,0,0,0,21,0,10,0,106,0,0,0,21,0,9,0,196,0,0,0,21,0,8,0,107,0,0,0,21,0,7,0,44,1,0,0,21,0,6,0,197,0,0,0,21,0,5,0,108,0,0,0,21,0,4,0,4,0,0,0,21,0,3,0,137,1,0,0,21,0,2,0,143,1,0,0,21,0,1,0,144,1,0,0,21,0,0,1,145,1,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+};
+static const unsigned char seccomp_bpf_blks_fork[] = {
+	32,0,0,0,4,0,0,0,21,0,0,54,3,0,0,64,32,0,0,0,0,0,0,0,21,0,51,0,7,0,0,0,21,0,50,0,28,1,0,0,21,0,49,0,114,0,0,0,21,0,48,0,190,0,0,0,21,0,47,0,54,1,0,0,21,0,46,0,175,0,0,0,21,0,45,0,174,0,0,0,21,0,44,0,2,0,0,0,21,0,43,0,11,0,0,0,21,0,42,0,120,0,0,0,21,0,41,0,117,0,0,0,21,0,40,0,85,0,0,0,21,0,39,0,125,0,0,0,21,0,38,0,140,0,0,0,21,0,37,0,19,0,0,0,21,0,36,0,54,0,0,0,21,0,35,0,224,0,0,0,21,0,34,0,20,0,0,0,21,0,33,0,133,0,0,0,21,0,32,0,183,1,0,0,21,0,31,0,51,1,0,0,21,0,30,0,252,0,0,0,21,0,29,0,1,0,0,0,21,0,28,0,12,0,0,0,21,0,27,0,184,0,0,0,21,0,26,0,45,0,0,0,21,0,25,0,33,0,0,0,21,0,24,0,221,0,0,0,21,0,23,0,55,0,0,0,21,0,22,0,3,0,0,0,21,0,21,0,180,0,0,0,21,0,20,0,220,0,0,0,21,0,19,0,141,0,0,0,21,0,18,0,91,0,0,0,21,0,17,0,192,0,0,0,21,0,16,0,90,0,0,0,21,0,15,0,39,1,0,0,21,0,14,0,5,0,0,0,21,0,13,0,6,0,0,0,21,0,12,0,127,1,0,0,21,0,11,0,195,0,0,0,21,0,10,0,106,0,0,0,21,0,9,0,196,0,0,0,21,0,8,0,107,0,0,0,21,0,7,0,44,1,0,0,21,0,6,0,197,0,0,0,21,0,5,0,108,0,0,0,21,0,4,0,4,0,0,0,21,0,3,0,137,1,0,0,
 21,0,2,0,143,1,0,0,21,0,1,0,144,1,0,0,21,0,0,1,145,1,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+};
+#endif
+
+#if defined(__x86_64__) &&  defined(__ILP32__)
+/* X32 */
+#define SECCOMP_BPF_AVAILABLE
+static const unsigned char seccomp_bpf_blks_base[] = {
+	32,0,0,0,4,0,0,0,21,0,0,40,62,0,0,192,32,0,0,0,0,0,0,0,53,0,0,38,0,0,0,64,21,0,36,0,220,0,0,64,21,0,35,0,65,0,0,64,21,0,34,0,64,0,0,64,21,0,33,0,69,0,0,64,21,0,32,0,70,0,0,64,21,0,31,0,68,0,0,64,21,0,30,0,89,0,0,64,21,0,29,0,10,0,0,64,21,0,28,0,8,0,0,64,21,0,27,0,2,2,0,64,21,0,26,0,186,0,0,64,21,0,25,0,39,0,0,64,21,0,24,0,81,0,0,64,21,0,23,0,183,1,0,64,21,0,22,0,13,1,0,64,21,0,21,0,231,0,0,64,21,0,20,0,60,0,0,64,21,0,19,0,80,0,0,64,21,0,18,0,125,0,0,64,21,0,17,0,12,0,0,64,21,0,16,0,21,0,0,64,21,0,15,0,72,0,0,64,21,0,14,0,0,0,0,64,21,0,13,0,17,0,0,64,21,0,12,0,217,0,0,64,21,0,11,0,78,0,0,64,21,0,10,0,11,0,0,64,21,0,9,0,9,0,0,64,21,0,8,0,1,1,0,64,21,0,7,0,2,0,0,64,21,0,6,0,3,0,0,64,21,0,5,0,76,1,0,64,21,0,4,0,4,0,0,64,21,0,3,0,6,0,0,64,21,0,2,0,5,0,0,64,21,0,1,0,6,1,0,64,21,0,0,1,1,0,0,64,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+};
+static const unsigned char seccomp_bpf_blks_fork[] = {
+	32,0,0,0,4,0,0,0,21,0,0,49,62,0,0,192,32,0,0,0,0,0,0,0,53,0,0,47,0,0,0,64,21,0,45,0,17,2,0,64,21,0,44,0,61,0,0,64,21,0,43,0,58,0,0,64,21,0,42,0,16,1,0,64,21,0,41,0,14,0,0,64,21,0,40,0,0,2,0,64,21,0,39,0,57,0,0,64,21,0,38,0,8,2,0,64,21,0,37,0,56,0,0,64,21,0,36,0,220,0,0,64,21,0,35,0,65,0,0,64,21,0,34,0,64,0,0,64,21,0,33,0,69,0,0,64,21,0,32,0,70,0,0,64,21,0,31,0,68,0,0,64,21,0,30,0,89,0,0,64,21,0,29,0,10,0,0,64,21,0,28,0,8,0,0,64,21,0,27,0,2,2,0,64,21,0,26,0,186,0,0,64,21,0,25,0,39,0,0,64,21,0,24,0,81,0,0,64,21,0,23,0,183,1,0,64,21,0,22,0,13,1,0,64,21,0,21,0,231,0,0,64,21,0,20,0,60,0,0,64,21,0,19,0,80,0,0,64,21,0,18,0,125,0,0,64,21,0,17,0,12,0,0,64,21,0,16,0,21,0,0,64,21,0,15,0,72,0,0,64,21,0,14,0,0,0,0,64,21,0,13,0,17,0,0,64,21,0,12,0,217,0,0,64,21,0,11,0,78,0,0,64,21,0,10,0,11,0,0,64,21,0,9,0,9,0,0,64,21,0,8,0,1,1,0,64,21,0,7,0,2,0,0,64,21,0,6,0,3,0,0,64,21,0,5,0,76,1,0,64,21,0,4,0,4,0,0,64,21,0,3,0,6,0,0,64,21,0,2,0,5,0,0,64,21,0,1,0,6,1,0,64,21,0,0,1,1,0,0,64,6,0,0,0,0,0,255,127,
 6,0,0,0,0,0,0,0,
+};
+#endif
+
+#if defined(__x86_64__) && !defined(__ILP32__)
+/* X86_64 */
+#define SECCOMP_BPF_AVAILABLE
+static const unsigned char seccomp_bpf_blks_base[] = {
+	32,0,0,0,4,0,0,0,21,0,0,41,62,0,0,192,32,0,0,0,0,0,0,0,53,0,0,1,0,0,0,64,21,0,0,38,255,255,255,255,21,0,36,0,16,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,39,0,0,0,21,0,33,0,81,0,0,0,21,0,32,0,183,1,0,0,21,0,31,0,13,1,0,0,21,0,30,0,231,0,0,0,21,0,29,0,60,0,0,0,21,0,28,0,80,0,0,0,21,0,27,0,125,0,0,0,21,0,26,0,12,0,0,0,21,0,25,0,21,0,0,0,21,0,24,0,72,0,0,0,21,0,23,0,0,0,0,0,21,0,22,0,17,0,0,0,21,0,21,0,217,0,0,0,21,0,20,0,78,0,0,0,21,0,19,0,11,0,0,0,21,0,18,0,9,0,0,0,21,0,17,0,1,1,0,0,21,0,16,0,2,0,0,0,21,0,15,0,3,0,0,0,21,0,14,0,76,1,0,0,21,0,13,0,4,0,0,0,21,0,12,0,6,0,0,0,21,0,11,0,5,0,0,0,21,0,10,0,6,1,0,0,21,0,9,0,1,0,0,0,21,0,8,0,220,0,0,0,21,0,7,0,65,0,0,0,21,0,6,0,64,0,0,0,21,0,5,0,69,0,0,0,21,0,4,0,70,0,0,0,21,0,3,0,68,0,0,0,21,0,2,0,89,0,0,0,21,0,1,0,10,0,0,0,21,0,0,1,8,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+};
+static const unsigned char seccomp_bpf_blks_fork[] = {
+	32,0,0,0,4,0,0,0,21,0,0,50,62,0,0,192,32,0,0,0,0,0,0,0,53,0,0,1,0,0,0,64,21,0,0,47,255,255,255,255,21,0,45,0,16,0,0,0,21,0,44,0,186,0,0,0,21,0,43,0,39,0,0,0,21,0,42,0,81,0,0,0,21,0,41,0,183,1,0,0,21,0,40,0,13,1,0,0,21,0,39,0,231,0,0,0,21,0,38,0,60,0,0,0,21,0,37,0,80,0,0,0,21,0,36,0,125,0,0,0,21,0,35,0,12,0,0,0,21,0,34,0,21,0,0,0,21,0,33,0,72,0,0,0,21,0,32,0,0,0,0,0,21,0,31,0,17,0,0,0,21,0,30,0,217,0,0,0,21,0,29,0,78,0,0,0,21,0,28,0,11,0,0,0,21,0,27,0,9,0,0,0,21,0,26,0,1,1,0,0,21,0,25,0,2,0,0,0,21,0,24,0,3,0,0,0,21,0,23,0,76,1,0,0,21,0,22,0,4,0,0,0,21,0,21,0,6,0,0,0,21,0,20,0,5,0,0,0,21,0,19,0,6,1,0,0,21,0,18,0,1,0,0,0,21,0,17,0,247,0,0,0,21,0,16,0,61,0,0,0,21,0,15,0,58,0,0,0,21,0,14,0,16,1,0,0,21,0,13,0,14,0,0,0,21,0,12,0,13,0,0,0,21,0,11,0,57,0,0,0,21,0,10,0,59,0,0,0,21,0,9,0,56,0,0,0,21,0,8,0,220,0,0,0,21,0,7,0,65,0,0,0,21,0,6,0,64,0,0,0,21,0,5,0,69,0,0,0,21,0,4,0,70,0,0,0,21,0,3,0,68,0,0,0,21,0,2,0,89,0,0,0,21,0,1,0,10,0,0,0,21,0,0,1,8,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+};
+#endif
+
+#ifdef SECCOMP_BPF_AVAILABLE
+typedef struct {
+	uint16_t cnt;
+	const void *bpf;
+} seccomp_bpf_program_t;
+static const seccomp_bpf_program_t seccomp_bpf_program_base = {
+	.cnt = sizeof(seccomp_bpf_blks_base) / 8,
+	.bpf = seccomp_bpf_blks_base,
+};
+static const seccomp_bpf_program_t seccomp_bpf_program_fork = {
+	.cnt = sizeof(seccomp_bpf_blks_fork) / 8,
+	.bpf = seccomp_bpf_blks_fork,
+};
+#endif

diff --git a/security.c b/security.c
index 802e586..4fecfa3 100644
--- a/security.c
+++ b/security.c
@@ -6,6 +6,7 @@
  */
 
 #include "paxinc.h"
+#include "seccomp-bpf.h"
 
 #ifdef __linux__
 
@@ -26,202 +27,23 @@
 #define CLONE_NEWUTS 0
 #endif
 
+#ifndef PR_SET_SECCOMP
+#define PR_SET_SECCOMP 22
+#endif
+#ifndef SECCOMP_MODE_FILTER
+#define SECCOMP_MODE_FILTER 2
+#endif
+
 #ifdef __SANITIZE_ADDRESS__
 /* ASAN does some weird stuff. */
 # define ALLOW_PIDNS 0
+# undef WANT_SECCOMP
 #else
 # define ALLOW_PIDNS 1
 #endif
 
-#ifdef WANT_SECCOMP
-# include <seccomp.h>
-
-/* Simple helper to add all of the syscalls in an array. */
-static int pax_seccomp_rules_add(scmp_filter_ctx ctx, int syscalls[], size_t num)
-{
-	static uint8_t prio;
-	size_t i;
-	for (i = 0; i < num; ++i) {
-		if (syscalls[i] < 0)
-			continue;
-
-		if (seccomp_syscall_priority(ctx, syscalls[i], prio++) < 0) {
-			warnp("seccomp_syscall_priority failed");
-			return -1;
-		}
-		if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, syscalls[i], 0) < 0) {
-			warnp("seccomp_rule_add failed");
-			return -1;
-		}
-	}
-	return 0;
-}
-#define pax_seccomp_rules_add(ctx, syscalls) pax_seccomp_rules_add(ctx, syscalls, ARRAY_SIZE(syscalls))
-
-static void
-pax_seccomp_sigal(__unused__ int signo, siginfo_t *info, __unused__ void *context)
-{
-#ifdef si_syscall
-	warn("seccomp violated: syscall %i", info->si_syscall);
-	fflush(stderr);
-	warn("  syscall = %s",
-		seccomp_syscall_resolve_num_arch(seccomp_arch_native(), info->si_syscall));
-	fflush(stderr);
-#else
-	warn("seccomp violated: syscall unknown (no si_syscall)");
-#endif
-	kill(getpid(), SIGSYS);
-	_exit(1);
-}
-
-static void pax_seccomp_signal_init(void)
-{
-	struct sigaction act;
-	sigemptyset(&act.sa_mask);
-	act.sa_sigaction = pax_seccomp_sigal,
-	act.sa_flags = SA_SIGINFO | SA_RESETHAND;
-	sigaction(SIGSYS, &act, NULL);
-}
-
-static void pax_seccomp_init(bool allow_forking)
-{
-	/* Order determines priority (first == lowest prio).  */
-	int base_syscalls[] = {
-		/* We write the most w/scanelf.  */
-		SCMP_SYS(write),
-		SCMP_SYS(writev),
-		SCMP_SYS(pwrite64),
-		SCMP_SYS(pwritev),
-
-		/* Then the stat family of functions.  */
-		SCMP_SYS(newfstatat),
-		SCMP_SYS(fstat),
-		SCMP_SYS(fstat64),
-		SCMP_SYS(fstatat64),
-		SCMP_SYS(lstat),
-		SCMP_SYS(lstat64),
-		SCMP_SYS(stat),
-		SCMP_SYS(stat64),
-		SCMP_SYS(statx),
-
-		/* Then the fd close func.  */
-		SCMP_SYS(close),
-
-		/* Then fd open family of functions.  */
-		SCMP_SYS(open),
-		SCMP_SYS(openat),
-
-		/* Then the memory mapping functions.  */
-		SCMP_SYS(mmap),
-		SCMP_SYS(mmap2),
-		SCMP_SYS(munmap),
-
-		/* Then the directory reading functions.  */
-		SCMP_SYS(getdents),
-		SCMP_SYS(getdents64),
-
-		/* Then the file reading functions.  */
-		SCMP_SYS(pread64),
-		SCMP_SYS(read),
-		SCMP_SYS(readv),
-		SCMP_SYS(preadv),
-
-		/* Then the fd manipulation functions.  */
-		SCMP_SYS(fcntl),
-		SCMP_SYS(fcntl64),
-
-		/* After this point, just sort the list alphabetically.  */
-		SCMP_SYS(access),
-		SCMP_SYS(brk),
-		SCMP_SYS(capget),
-		SCMP_SYS(chdir),
-		SCMP_SYS(dup),
-		SCMP_SYS(dup2),
-		SCMP_SYS(dup3),
-		SCMP_SYS(exit),
-		SCMP_SYS(exit_group),
-		SCMP_SYS(faccessat),
-		SCMP_SYS(fchdir),
-		SCMP_SYS(getpid),
-		SCMP_SYS(gettid),
-		SCMP_SYS(ioctl),
-		SCMP_SYS(lseek),
-		SCMP_SYS(_llseek),
-		SCMP_SYS(mprotect),
-
-		/* Syscalls listed because of compiler settings.  */
-		SCMP_SYS(futex),
-
-		/* Syscalls listed because of sandbox.  */
-		SCMP_SYS(readlink),
-		SCMP_SYS(readlinkat),
-		SCMP_SYS(getcwd),
-		#ifndef __SNR_faccessat2
-		/* faccessat2 is not yet defiled in latest libseccomp-2.5.1 */
-		#    define __SNR_faccessat2 __NR_faccessat2
-		#endif
-		SCMP_SYS(faccessat2),
-
-		/* Syscalls listed because of fakeroot.  */
-		SCMP_SYS(msgget),
-		SCMP_SYS(msgrcv),
-		SCMP_SYS(msgsnd),
-		SCMP_SYS(semget),
-		SCMP_SYS(semop),
-		SCMP_SYS(semtimedop),
-		/*
-		 * Some targets like ppc and i386 implement the above
-		 * syscall as subcalls via ipc() syscall.
-		 * https://bugs.gentoo.org/675378
-		 */
-		SCMP_SYS(ipc),
-	};
-	int fork_syscalls[] = {
-		SCMP_SYS(clone),
-		SCMP_SYS(execve),
-		SCMP_SYS(fork),
-		SCMP_SYS(rt_sigaction),
-		SCMP_SYS(rt_sigprocmask),
-		SCMP_SYS(unshare),
-		SCMP_SYS(vfork),
-		SCMP_SYS(wait4),
-		SCMP_SYS(waitid),
-		SCMP_SYS(waitpid),
-	};
-	scmp_filter_ctx ctx = seccomp_init(USE_DEBUG ? SCMP_ACT_TRAP : SCMP_ACT_KILL);
-	if (!ctx) {
-		warnp("seccomp_init failed");
-		return;
-	}
-
-	if (pax_seccomp_rules_add(ctx, base_syscalls) < 0)
-		goto done;
-
-	if (allow_forking)
-		if (pax_seccomp_rules_add(ctx, fork_syscalls) < 0)
-			goto done;
-
-	/* We already called prctl. */
-	seccomp_attr_set(ctx, SCMP_FLTATR_CTL_NNP, 0);
-
-	if (USE_DEBUG)
-		pax_seccomp_signal_init();
-
-#ifndef __SANITIZE_ADDRESS__
-	/* ASAN does some weird stuff. */
-	if (seccomp_load(ctx) < 0) {
-		/* We have to assume that EINVAL == CONFIG_SECCOMP is disabled. */
-		if (errno != EINVAL)
-			warnp("seccomp_load failed");
-	}
-#endif
-
- done:
-	seccomp_release(ctx);
-}
-
-#else
-# define pax_seccomp_init(allow_forking)
+#ifndef SECCOMP_BPF_AVAILABLE
+# undef WANT_SECCOMP
 #endif
 
 static int ns_unshare(int flags)
@@ -308,7 +130,19 @@ void security_init(bool allow_forking)
 				_exit(0);
 	}
 
-	pax_seccomp_init(allow_forking);
+#ifdef WANT_SECCOMP
+	{
+	int ret;
+
+	if (allow_forking)
+		ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &seccomp_bpf_program_fork);
+	else
+		ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &seccomp_bpf_program_base);
+
+	if (ret)
+		warn("enabling seccomp failed");
+	}
+#endif
 }
 
 #endif