进程创建时安全计算处理

static void copy_seccomp(struct task_struct *p){#ifdef CONFIG_SECCOMP /*  * Must be called with sighand->lock held, which is common to  * all threads in the group. Holding cred_guard_mutex is not  * needed because this new task is not yet running and cannot  * be racing exec.  */ assert_spin_locked(&current->sighand->siglock);
 /* Ref-count the new filter user, and assign it. */ get_seccomp_filter(current); p->seccomp = current->seccomp;
 /*  * Explicitly enable no_new_privs here in case it got set  * between the task_struct being duplicated and holding the  * sighand lock. The seccomp state and nnp must be in sync.  */ if (task_no_new_privs(current))  task_set_no_new_privs(p);
 /*  * If the parent gained a seccomp mode after copying thread  * flags and between before we held the sighand lock, we have  * to manually enable the seccomp thread flag here.  */ if (p->seccomp.mode != SECCOMP_MODE_DISABLED)  set_tsk_thread_flag(p, TIF_SECCOMP);#endif}