Use strace's --seccomp-bpf option

[i-ky]

Newer versions of strace support --seccomp-bpf option introduced in version 5.3:

Implemented usage of seccomp-bpf for stopping tracees only for filtered
syscalls. Use --seccomp-bpf option to enable.

It has huge impact on performance. According to my tests, strace command currently used by compile-db-gen adds ~100% overhead (i.e. build time doubles under strace). Simply adding --seccomp-bpf reduces overhead to ~10% making it almost unnoticeable.

I honestly don't know why strace developers did not make --seccomp-bpf a new default, but it definitely makes sense to use it in compile-db-gen, if available.

[sunlin7]

I'm still working on CentOS 7, kernel 3.10.0, strace 4.24.
Will update to the Ubuntu 20.04 this year, then will work on feature. :)

[sunlin7]

Close this ticket and won't enable seccomp-bpf as the explanation in the strace/strace#274.

[i-ky]

Not even allow user to enable it at their own risk via an option flag?

[sunlin7]

Okay, I'm going to take a look, give me some time, will update this week. Thanks