use another data structure instead of seccomp_data with seccomp

Is it possible to use another data structure instead of seccomp_data within the BPF code of seccomp? For example from this...

...
BPF_STMT(BPF_LD+BPF_W+BPF_ABS,(offsetof (struct seccomp_data, args[0]))),
...

to this

...
BPF_STMT(BPF_LD+BPF_W+BPF_ABS,(offsetof (struct my_data, my_field[0]))),
...

Solution

No, that structure is populated on the kernel side before calling your cBPF program. To change what data your cBPF programs take as input, you'd have to edit (and recompile) the kernel.

You could redefine that structure, but I'm not sure what the point of that would be.

How to bpf_prog_test_run_opts to a program that extends xdp_dispatcher
Simple way to verify valid BPF filter
bpf_trace_printk format pointer
Use eBPF to change process's CPU affinity
How do you compute the performance impact of a eBPF probe?
Is there a way to safely update an eBPF map with a spin lock held in the ebpf program?
Is there a BPF_MAP_LOOKUP_AND_UPDATE_ELEM syscall similar to BPF_MAP_LOOKUP_AND_DELETE_ELEM?
where is the entry point in kernel for an eBPF msg_verdict program?
Is it possible to create and send a packet from a bpf program?
BPF per CPU array is not zero initialized?
BPF verifier rejects with "Permission denied (13)!" when using bpf_trace_printk()
write and read netfilter connectrack using eBPF/XDP
Why is having an userspace version of eBPF interesting?
How to unload bpd program using bpftool?
What is the recommended way to unit test eBPF/XDP program?
Parsing Non linear packet payload in TC BPF programs
libbpf: map 'hash_map': unknown field 'values' in hash_map with struct as value
is this valid C plus valid ebpf, means can I safe the address of any object in long type which is 8 byte size
Regarding the ebpf question, bpf_ringbuf_submit is not in effect
eBPF: invalid access to map value even with bounds check
How does one write Unit Tests for eBPF programs written in python via the BCC interface for eBPF?
Using eBPF in dpdk
Implementing cloning and (de/en)capsulation of packets using eBPF
eBPF verifier error in reading map value struct with a __u64 element
How to detach ebpf cgroup programs without using bpftool?
Permission denied when using bpf_probe_read() in the ebpf program
adding code to bpf _kernel.c file for uprobe SEC routines (libbpf +c)
eBPF: Loading and attaching an eBPF program to sys_enter_execve using only system calls
ebpf tc failed calling bpf_csum_diff a second time
libbpf failed to open system Kconfig when using 'bpftool struct_ops' command