Comment 3 for bug 1018415

Kees Cook (kees) wrote :

I would prefer this not be set to "emulate" because it can break seccomp. Instead, since 12.04 and later have glibc >2.14, I think it would be better to entirely eliminate the vsyscall interface (i.e. = NONE). Nothing should be depending on it. If someone has some weird statically linked 64-bit program that depends on vsyscall, they can boot with vsyscall=native on the kernel command line. (Setting it to "none" means it is still mapped, but just turns into a trap if it gets executed.)
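As an added example (not part of the bug discussion): a POSIX shell check that reports which vsyscall mode a kernel is running in, taking a `vsyscall=` command-line override first and the build-time CONFIG_LEGACY_VSYSCALL_* default second. The CONFIG_LEGACY_VSYSCALL_* options and the `xonly` value postdate the 2012 kernels in this bug, so "unknown" is reported when neither source says anything; the `/boot/config-$(uname -r)` path and the `--live` flag are assumptions.

```shell
#!/bin/sh
# Added example, not code from the bug report. Works out the effective vsyscall mode
# from the kernel command line and the kernel config text. Command-line values
# (vsyscall=native|emulate|xonly|none) override the build-time default; the
# CONFIG_LEGACY_VSYSCALL_* options only exist on kernels newer than the ones in
# this bug, so older kernels come back as "unknown" unless the command line says.

# vsyscall_mode CMDLINE CONFIG_TEXT  -> prints native|emulate|xonly|none|unknown
vsyscall_mode() {
    cmdline="$1"; config="$2"; mode=""
    # The last vsyscall= token on the command line wins.
    for tok in $cmdline; do
        case "$tok" in
            vsyscall=native|vsyscall=emulate|vsyscall=xonly|vsyscall=none)
                mode="${tok#vsyscall=}" ;;
        esac
    done
    if [ -z "$mode" ]; then
        # Fall back to the build-time default recorded as CONFIG_LEGACY_VSYSCALL_<MODE>=y.
        for pair in NATIVE:native EMULATE:emulate XONLY:xonly NONE:none; do
            if printf '%s\n' "$config" | grep -q "^CONFIG_LEGACY_VSYSCALL_${pair%%:*}=y\$"; then
                mode="${pair#*:}"
            fi
        done
    fi
    printf '%s\n' "${mode:-unknown}"
}

# vsyscall_mapped -> exit 0 if a [vsyscall] page is mapped into this process.
# In "none" mode the page stays mapped but traps when executed, so a mapping
# alone does not mean the legacy interface is usable (matches the comment above).
vsyscall_mapped() {
    grep -q '\[vsyscall\]' /proc/self/maps
}

# report_live: run the checks against the running kernel (Linux only).
report_live() {
    cfg=""
    [ -r "/boot/config-$(uname -r)" ] && cfg=$(cat "/boot/config-$(uname -r)")
    echo "effective vsyscall mode: $(vsyscall_mode "$(cat /proc/cmdline)" "$cfg")"
    if vsyscall_mapped; then echo "[vsyscall] page is mapped"; else echo "[vsyscall] page not mapped"; fi
}

# Only touch the live system when invoked as: sh vsyscall-check.sh --live
[ "${1:-}" = "--live" ] && report_live
```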