Scroll to navigation

seccomp_load(3) libseccomp Documentation seccomp_load(3)


seccomp_load - Load the current seccomp filter into the kernel


#include <seccomp.h>

typedef void * scmp_filter_ctx;

int seccomp_load(scmp_filter_ctx ctx);

Link with -lseccomp.


Loads the seccomp filter provided by ctx into the kernel; if the function succeeds the new seccomp filter will be active when the function returns.

As it is possible to have multiple stacked seccomp filters for a given task (defined as either a process or a thread), it is important to remember that each of the filters loaded for a given task are executed when a syscall is made and the "strictest" rule is the rule that is applied. In the case of seccomp, "strictest" is defined as the action with the lowest value (e.g. SCMP_ACT_KILL is "stricter" than SCMP_ACT_ALLOW).


Returns zero on success or one of the following error codes on failure:

There was a system failure beyond the control of the library.
Internal libseccomp failure.
Invalid input, either the context or architecture token is invalid.
The library was unable to allocate enough memory.
Unable to load the filter due to thread issues.

If the SCMP_FLTATR_API_SYSRAWRC filter attribute is non-zero then additional error codes may be returned to the caller; these additional error codes are the negative errno values returned by the system. Unfortunately libseccomp can make no guarantees about these return values.


#include <seccomp.h>
int main(int argc, char *argv[])
	int rc = -1;
	scmp_filter_ctx ctx;
	ctx = seccomp_init(SCMP_ACT_KILL);
	if (ctx == NULL)
		goto out;
	/* ... */
	rc = seccomp_load(ctx);
	if (rc < 0)
		goto out;
	/* ... */
	return -rc;


While the seccomp filter can be generated independent of the kernel, kernel support is required to load and enforce the seccomp filter generated by libseccomp.

The libseccomp project site, with more information and the source code repository, can be found at This tool, as well as the libseccomp library, is currently under development, please report any bugs at the project site or directly to the author.


Paul Moore <>


seccomp_init(3), seccomp_reset(3), seccomp_release(3), seccomp_rule_add(3), seccomp_rule_add_exact(3)

30 May 2020