RFE: allow adding syscall definitions dynamically

Open mvo5 opened this issue 5 years ago • 1 comments

When building software on top of libseccomp, sometimes we are stuck with an older version of libseccomp. When someone e.g. runs with RHEL or an Ubuntu LTS, the syscall table is generally a bit behind. It would be great if there was a mechanism to add syscalls to libseccomp from the program that uses libseccomp.

Something like (strawman):

int seccomp_syscall_add(const char *name, unsigned int num, uint32_t arch_token);

Our use case is the new "statx" syscall, which is used by the latest Qt but is not available in the libseccomp versions available in older distros. So when building confinement for Qt apps with seccomp filtering, this is problematic on older distro releases.

If the idea sounds reasonable I'm happy to look at implementing it and providing a PR.

mvo5 avatar Sep 13 '18 14:09 mvo5
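
One way an application could keep its own fallback table in the meantime, as an added example that is not part of the issue or of libseccomp. `app_syscall_add`, `app_syscall_resolve` and `old_lib_resolve` are hypothetical names, the resolver callback stands in for a library lookup such as `seccomp_syscall_resolve_name_arch()`, and the statx entries are sample data.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* libseccomp arch tokens share the kernel's AUDIT_ARCH_* values. */
#define ARCH_X86_64  0xC000003Eu
#define ARCH_AARCH64 0xC00000B7u
#define SC_UNKNOWN   (-1)   /* value of libseccomp's __NR_SCMP_ERROR */
#define OVERLAY_MAX  32

/* Same shape as seccomp_syscall_resolve_name_arch(). */
typedef int (*lib_resolver)(uint32_t arch_token, const char *name);

struct overlay_entry { const char *name; int num; uint32_t arch; };
static struct overlay_entry overlay[OVERLAY_MAX];
static size_t overlay_len;

static int overlay_find(uint32_t arch, const char *name)
{
    for (size_t i = 0; i < overlay_len; i++)
        if (overlay[i].arch == arch && strcmp(overlay[i].name, name) == 0)
            return overlay[i].num;
    return SC_UNKNOWN;
}

/* Hypothetical application-side take on the strawman. Numbers are per-arch.
 * The name pointer is stored, not copied, so it must outlive the table. */
int app_syscall_add(lib_resolver lib, const char *name, unsigned int num,
                    uint32_t arch_token)
{
    if (!name || !*name || num > 0x7fffffffu) return -1;
    /* Never shadow a name the library already resolves for this arch. */
    if (lib(arch_token, name) != SC_UNKNOWN) return -1;
    int have = overlay_find(arch_token, name);
    if (have != SC_UNKNOWN) return have == (int)num ? 0 : -1; /* no redefinition */
    if (overlay_len == OVERLAY_MAX) return -1;
    overlay[overlay_len++] = (struct overlay_entry){ name, (int)num, arch_token };
    return 0;
}

/* Library table first, application overlay second. */
int app_syscall_resolve(lib_resolver lib, uint32_t arch_token, const char *name)
{
    int nr = lib(arch_token, name);
    return nr != SC_UNKNOWN ? nr : overlay_find(arch_token, name);
}

/* Constructed stand-in for an older library table that lacks statx. */
int old_lib_resolve(uint32_t arch_token, const char *name)
{
    if (strcmp(name, "openat") != 0) return SC_UNKNOWN;
    return arch_token == ARCH_X86_64 ? 257 :
           arch_token == ARCH_AARCH64 ? 56 : SC_UNKNOWN;
}
```

The resolved value is a raw syscall number, which is what `seccomp_rule_add()` takes in its syscall argument.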

Hi @mvo5. To be honest, I'm not entirely sure what I think of the proposed API (I recognize it is just a rough idea for discussion), or even how I think we should try to solve this, but I think I understand the problem you are facing.

Regardless, this would be something that would happen after the v2.4 release; we are way overdue getting that out the door, and adding another feature would only push that back further.

pcmoore avatar Sep 13 '18 19:09 pcmoore