Comment 1 for bug 1789551

Qemu 2.12 on Cosmic

for pid in $(pidof qemu-system-ppc64); do echo PID $pid; for task in /proc/$pid/task/*; do cat $task/status | grep Secc; done; done
PID 158126
Seccomp: 2
Seccomp: 0
Seccomp: 2
Seccomp: 2
Seccomp: 2
Seccomp: 2
Seccomp: 2
Seccomp: 2
Seccomp: 2

Hmm, why isn't this on by default in Bionic as I expect it ...
Anyway, as I thought the feature existed back then as well and users could have turned it on like
  "-sandbox on..."
I checked with that 2.11 in Bionic is also affected.

There is a useful one line reproducer:
$ qemu-system-x86_64 -sandbox on -nographic & pid=$!; sleep 2s; echo PID $pid; for task in /proc/$pid/task/*; do cat $task/status | grep Secc; done; kill -9 $pid

That will report something like
PID 23230
Seccomp: 2
Seccomp: 0

And the two lines should match.