How solved? AFAIK it's not meaningfully shipped but happy to hear otherwise.

You can now disable operations with cBPF, like you would be able to with seccomp for normal syscalls.