seccomp() can fail for the following reasons:
EACCES The caller did not have the CAP_SYS_ADMIN capability in
its user namespace, or had not set no_new_privs before
using SECCOMP_SET_MODE_FILTER.
EBUSY While installing a new filter, the
SECCOMP_FILTER_FLAG_NEW_LISTENER flag was specified, but a
previous filter had already been installed with that flag.
EFAULT args was not a valid address.
EINVAL operation is unknown or is not supported by this kernel
version or configuration.
EINVAL The specified flags are invalid for the given operation.
EINVAL operation included BPF_ABS, but the specified offset was
not aligned to a 32-bit boundary or exceeded
sizeof(struct seccomp_data).
EINVAL A secure computing mode has already been set, and
operation differs from the existing setting.
EINVAL operation specified SECCOMP_SET_MODE_FILTER, but the
filter program pointed to by args was not valid or the
length of the filter program was zero or exceeded
BPF_MAXINSNS (4096) instructions.
ENOMEM Out of memory.
ENOMEM The total length of all filter programs attached to the
calling thread would exceed MAX_INSNS_PER_PATH (32768)
instructions. Note that for the purposes of calculating
this limit, each already existing filter program incurs an
overhead penalty of 4 instructions.
EOPNOTSUPP
operation specified SECCOMP_GET_ACTION_AVAIL, but the
kernel does not support the filter return action specified
by args.
ESRCH Another thread caused a failure during thread sync, but
its ID could not be determined.
