Closed
Description
Issue originally identified at moby/moby#32714
Presently, when adding a rule with multiple syscall arguments, we add each argument separately with a separate call to seccomp_rule_add_array and a single syscall specified. This produces an OR relationship between the arguments, i.e., we will match if any of the arguments match.
However, using libseccomp directly, adding multiple rules at the same time with a single API call will result in an AND relationship - the rule will only match if all of the arguments match.
Matching the behavior of the library is important, and at present use cases requiring ANDing syscall rules are not supported.