[$] Seccomp user-space notification and signals

The seccomp()mechanism allows the imposition of a filter program (expressed in "classic" BPF)that makes policy decisions on whether to allow each system call invoked by the targetprocess. The user-space notificationfeature further allows those decisions to be deferred to anotherprocess. As this recentpatch set from Sargun Dhillon shows, though, user-space notificationstill has some rough edges, especially when it comes to signals. Thispatch makes a simple change to try to address a rather complex problembrought to the fore by changes in the Go language's preemption model.