system.seccomp_set_mode_filter Synopsis local system = require "system" system.seccomp_set_mode_filter(bpf_fprogram: byte_span) Description Set the secure computing (seccomp) mode for the calling process (i.e. SECCOMP_FILTER_FLAG_TSYNC is always used), to limit the available system calls. Only the master VM is allowed to use this function. linux_capabilities landlock_create_ruleset