But only in very small sandboxes, right? Yes, seccomp could potentially be used for your JIT/interpreter sandbox. And because it inherently executes untrusted input, that's definitely the most important place.
But compare how many applications execute untrusted remote programs to how many programs that have had security vulnerabilities. Or indeed, how much code.
What percentage of code runs in chrome/firefox's sandbox? 0.0001%?
Have you tried to create a seccomp ruleset for a real program? I have. There are so many variations between machines and code paths that you'll necessarily need to leave wide open doors through your policy. Sure, the more you disable, the more "luck" you manufacture in case of a bug, preventing exploitation. But no, it's not fit for purpose outside these extremely niche use cases.
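Added example, not from this thread or its author: a minimal seccomp-bpf syscall allowlist in C, with a user-space dry run so a policy can be checked against the syscalls a program is known to make before it is installed. It assumes Linux on x86-64 (`SECCOMP_ARCH`) and that the caller supplies the syscall numbers; `build_allowlist`, `eval_allowlist` and `install_allowlist` are names chosen here.

```c
/* Added example (not from the thread): build a seccomp-bpf allowlist, dry-run it
 * in user space, then install it. Denied calls fail with EPERM, not SIGKILL, so
 * a code path you forgot to allow shows up as an error rather than a crash. */
#include <errno.h>
#include <stddef.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#define SECCOMP_ARCH AUDIT_ARCH_X86_64  /* assumption: x86-64; change per target */
#define STMT(code, k)  ((struct sock_filter)BPF_STMT(code, k))
#define JEQ(k, jt, jf) ((struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, k, jt, jf))
#define LOAD(field)    STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, field))

/* Layout: check arch (else kill); load nr; one JEQ per allowed nr that jumps
 * straight to the final ALLOW; anything else falls through to ERRNO(EPERM). */
size_t build_allowlist(const int *nrs, size_t n, struct sock_filter *out, size_t cap) {
    if (n > 200 || n + 6 > cap) return 0;   /* BPF jump offsets are 8-bit */
    size_t i = 0;
    out[i++] = LOAD(arch);
    out[i++] = JEQ(SECCOMP_ARCH, 1, 0);
    out[i++] = STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL);
    out[i++] = LOAD(nr);
    for (size_t k = 0; k < n; k++)          /* skip remaining JEQs plus the ERRNO */
        out[i++] = JEQ((unsigned)nrs[k], (unsigned char)(n - k), 0);
    out[i++] = STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM);
    out[i++] = STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    return i;
}
/* Dry run: interprets only the three opcodes the builder emits, so the policy
 * can be tested against a syscall list (e.g. from strace) before installing. */
unsigned eval_allowlist(const struct sock_filter *p, size_t len, unsigned arch, unsigned nr) {
    unsigned acc = 0;
    for (size_t pc = 0; pc < len; pc++) {
        const struct sock_filter *in = &p[pc];
        if (in->code == (BPF_LD | BPF_W | BPF_ABS))
            acc = (in->k == offsetof(struct seccomp_data, arch)) ? arch : nr;
        else if (in->code == (BPF_JMP | BPF_JEQ | BPF_K))
            pc += (acc == in->k) ? in->jt : in->jf;
        else if (in->code == (BPF_RET | BPF_K))
            return in->k;
        else
            return SECCOMP_RET_KILL;        /* unknown opcode: fail closed */
    }
    return SECCOMP_RET_KILL;
}
/* Install for the calling thread. Returns 0, or -1 with errno set. */
int install_allowlist(struct sock_filter *prog, size_t len) {
    struct sock_fprog fp = { .len = (unsigned short)len, .filter = prog };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fp);
}
```

Even a hello-world needs more than `write` and `exit_group`: glibc's stdio stats stdout before its first buffered write, and which syscall number that ends up as differs between glibc versions, which is exactly the per-machine variation the comment is pointing at.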