Linux distribution and version

Fedora 33

Flatpak version

1.10.2

Description of the problem

Most of the time performance impact of seccomp filter in games/apps not negligible and not relevant. But in some games and CPU intensive task this could lead in noticeable overhead and framerate/performance drop. The more game CPU bound — the more pronounced difference in framerate. I've did few tests and examples:

PC specs:

• AMD Ryzen 3 3300X
• AMD Radeon VII

Benchmarks

• Geekbench

  • seccomp https://browser.geekbench.com/v5/cpu/6873732
    SC: 1286
    MC: 5202
  • noseccomp https://browser.geekbench.com/v5/cpu/6873763
    SC: 1377
    MC: 5473

  Difference: 7%

• Shadow of the Tomb Raider

  • seccomp
    Average FPS: 123
    Max CPU Render: 435
    
  • noseccomp
    Average FPS: 127
    Max CPU Render: 517
    

  Difference: 3%. But in my case GPU was bottleneck. The difference in Max CPU Render is 19%.

• Elemental demo - https://www.unrealengine.com/marketplace/en-US/learn/elemental-demo

  • seccomp
    AVG FPS: 52
    

  • noseccomp
    AVG FPS: 59
    

  Difference: 12%

Steps to reproduce

For testing purposes i've created COPR repo for Fedora. To run flatpak without seccomp filter:

flatpak run --allow=unconfined <APP>

Questions/suggestions:

As far i know there is working towards improving performance of seccomp filter, but until then maybe we can add option to disable entirely seccomp filter in flatpak which could specified into flatpak manifest for such apps/games where performance is critical? Game developers often fighting for 1-2% performance boost, but here we can get up to +19%, maybe even more. This for sure reduce safety/security but safety/security in some cases not critical — performance is.