seccomp: add ppc64le (POWER) support #219

Open: Scottcjn wants to merge 3 commits into anthropic-experimental:main from Scottcjn:main

@Scottcjn

Summary

Adds ppc64le (IBM POWER) as a third supported architecture for apply-seccomp, alongside the existing x86_64 and aarch64. Enables sandbox mode for Claude Code / any ASRT consumer running on POWER8/POWER9/POWER10 Linux.

Why

Claude Code on IBM POWER8 (@anthropic-ai/claude-code@2.1.112) runs cleanly via a locally built Node.js, but sandbox mode emits this on every invocation:

[Sandbox Linux] apply-seccomp binary not available - unix socket blocking disabled.
Install @anthropic-ai/sandbox-runtime globally for full protection.

Installing @anthropic-ai/sandbox-runtime doesn't fix it either, because vendor/seccomp/ only ships x64 + arm64 binaries. POWER8 is a legitimate production Linux target (IBM Cloud Power VS, financial/HPC shops, Debian ports, RHEL for Power, Ubuntu for Power) and recent AI tooling adoption is real — vllm added ppc64le CPU backend support in vllm-project/vllm#37586.

What changed

vendor/seccomp-src/seccomp-unix-block.c

Accepts powerpc64le as a third value for the optional arch argument, mapping to SCMP_ARCH_PPC64LE (supported by libseccomp ≥ 2.3). Enables cross-compilation of the BPF filter from any host.

vendor/seccomp/build.ts

  • nodeArchToDir maps Node's process.arch === 'ppc64' to the ppc64le output directory. (Node reports ppc64 on ppc64le Linux — the filter we produce is LE-only, so the directory name is explicit about that, following the ripgrep-vendor convention that uses ppc64le-linux.)
  • BPF generation loop now emits three targets (x86_64, aarch64, powerpc64le).
  • Generated unix-block-bpf.h gains a #elif defined(__powerpc64__) && defined(_CALL_ELF) && _CALL_ELF == 2 branch. The _CALL_ELF == 2 check pins to the ELFv2 (little-endian) ABI that mainstream Linux on POWER uses today — big-endian ppc64 would need its own BPF and is out of scope here.

vendor/seccomp/ppc64le/apply-seccomp

Pre-built binary (847 KB, statically linked, stripped). Built natively on an IBM Power S824 (Ubuntu 20.04 LTS, GCC 9.4, libseccomp 2.5.4) using the updated build.ts pipeline.

Testing

Built and tested on real hardware:

  • IBM Power System S824 (8286-42A), dual 8-core POWER8, 128 SMT threads, 512 GB RAM
  • Ubuntu 20.04 LTS (last POWER8-supported Ubuntu)
  • GCC 9.4.0, libseccomp 2.5.4
  • Node.js v22 (built from source; process.arch === 'ppc64')

Verified the binary runs:

$ file vendor/seccomp/ppc64le/apply-seccomp
ELF 64-bit LSB executable, 64-bit PowerPC or cisco 7500, OpenPOWER ELF V2 ABI,
version 1 (GNU/Linux), statically linked, stripped

$ ./vendor/seccomp/ppc64le/apply-seccomp
[usage info printed as expected]

Verified sandbox mode in Claude Code picks up the new binary once the cli.js arch resolver is extended (process.arch === 'ppc64' ? 'ppc64le' : null added to the existing x64/arm64 chain). That cli.js change is a separate repo (anthropics/claude-code is a different package) and will be filed there once this lands.

Size sanity

| Arch | Binary size |
|---|---|
| x64 | 751 KB (existing) |
| arm64 | |
| ppc64le | 847 KB (this PR) |

Slightly larger than x64 because ppc64le libseccomp.a pulls in a bit more arch-table data. Well under 1 MB.

To reproduce the build

sudo apt install libseccomp-dev   # or build from source with gperf + auto-tools
cd vendor/seccomp-src
gcc -static -O2 -Wall -Wextra -o /tmp/seccomp-unix-block \
    seccomp-unix-block.c -lseccomp
/tmp/seccomp-unix-block /tmp/ppc64le.bpf powerpc64le

# generate unix-block-bpf.h with the 144-byte BPF payload…
# (build.ts now does this automatically)

gcc -static -O2 -Wall -Wextra -I /tmp \
    -o vendor/seccomp/ppc64le/apply-seccomp \
    vendor/seccomp-src/apply-seccomp.c -lseccomp
strip vendor/seccomp/ppc64le/apply-seccomp

Or just run tsx vendor/seccomp/build.ts on a POWER8 host with the new build.ts.

Follow-up

  • cli.js arch resolver change in anthropic-ai/claude-code (separate PR, not this repo) — happy to file once this lands and there's an upstream home for the ppc64le binary.
  • Big-endian ppc64 (non-LE) support would need another BPF target + #elif defined(__powerpc64__) && !defined(_CALL_ELF) branch. Out of scope unless someone has the hardware to test.

Thanks for shipping ASRT as Apache-2.0 — it made this port trivial.
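
The description above ships one BPF payload per target and pins the ppc64le branch to ELFv2, so a check a reviewer can run on a generated `.bpf` file is that its architecture guard names the intended target. This is an added example, not code from this PR or from sandbox-runtime. It assumes the layout libseccomp normally exports (first instruction loads `seccomp_data.arch`, second compares it with the AUDIT_ARCH token) and little-endian encoding; `check_arch_guard` and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* AUDIT_ARCH_* values from <linux/audit.h>: EM_* | 64-bit flag | LE flag */
#define ARCH_X86_64   0xC000003Eu
#define ARCH_AARCH64  0xC00000B7u
#define ARCH_PPC64LE  0xC0000015u
#define ARCH_PPC64    0x80000015u  /* big-endian POWER carries a different token */

#define OP_LD_W_ABS   0x20u  /* BPF_LD | BPF_W | BPF_ABS */
#define OP_JEQ_K      0x15u  /* BPF_JMP | BPF_JEQ | BPF_K */
#define ARCH_OFFSET   4u     /* offsetof(struct seccomp_data, arch) */

enum guard_result { GUARD_OK = 0, GUARD_BAD_SIZE, GUARD_NO_ARCH_LOAD, GUARD_WRONG_ARCH };

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Each struct sock_filter is 8 bytes: u16 code, u8 jt, u8 jf, u32 k.
 * Assumption: the blob is little-endian, as all three targets in the PR are. */
enum guard_result check_arch_guard(const uint8_t *blob, size_t len, uint32_t want_arch)
{
    if (len < 16 || len % 8 != 0)            /* need two whole instructions */
        return GUARD_BAD_SIZE;
    if (le16(blob) != OP_LD_W_ABS || le32(blob + 4) != ARCH_OFFSET)
        return GUARD_NO_ARCH_LOAD;           /* filter does not start by reading arch */
    if (le16(blob + 8) != OP_JEQ_K || le32(blob + 12) != want_arch)
        return GUARD_WRONG_ARCH;             /* guard names another architecture */
    return GUARD_OK;
}

/* Constructed sample (not the project's filter): arch guard, then allow or kill. */
static const uint8_t sample_ppc64le[] = {
    0x20,0x00, 0x00, 0x00, 0x04,0x00,0x00,0x00,   /* ld  [4]                  */
    0x15,0x00, 0x00, 0x01, 0x15,0x00,0x00,0xC0,   /* jeq #0xC0000015 jt=0 jf=1 */
    0x06,0x00, 0x00, 0x00, 0x00,0x00,0xFF,0x7F,   /* ret SECCOMP_RET_ALLOW     */
    0x06,0x00, 0x00, 0x00, 0x00,0x00,0x00,0x80,   /* ret SECCOMP_RET_KILL_PROCESS */
};

int main(void)
{
    printf("as ppc64le: %d\n", check_arch_guard(sample_ppc64le, sizeof sample_ppc64le, ARCH_PPC64LE));
    printf("as x86_64:  %d\n", check_arch_guard(sample_ppc64le, sizeof sample_ppc64le, ARCH_X86_64));
    return 0;
}
```

A blob placed in the wrong architecture's directory is reported as `GUARD_WRONG_ARCH` instead of being silently embedded.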

Claude Code on IBM POWER8 (ppc64le) runs fine on v2.1.112 with a locally
built Node.js, but sandbox mode hard-disables unix-socket blocking because
sandbox-runtime ships apply-seccomp only for x64 and arm64. This adds
ppc64le as a third supported architecture.

Changes:

- `vendor/seccomp-src/seccomp-unix-block.c`: accept `powerpc64le` as the
  optional arch argument (alongside existing `x86_64` / `aarch64`), mapping
  to `SCMP_ARCH_PPC64LE`. libseccomp >= 2.3 supports this natively.

- `vendor/seccomp/build.ts`:
  * `nodeArchToDir` maps Node.js `process.arch === 'ppc64'` to the `ppc64le`
    output directory (Node reports `ppc64` on ppc64le Linux — the filter we
    produce is LE-only, so the directory name is explicit about that).
  * BPF generation loop now emits a third `powerpc64le.bpf`.
  * The generated `unix-block-bpf.h` gains a `#elif defined(__powerpc64__)
    && defined(_CALL_ELF) && _CALL_ELF == 2` branch. The `_CALL_ELF == 2`
    check pins us to the ELFv2 (little-endian) ABI that mainstream Linux
    distributions use on POWER today (Ubuntu, Debian, RHEL for Power).
    A big-endian POWER target would need its own BPF — out of scope here.

- `vendor/seccomp/ppc64le/apply-seccomp`: pre-built binary (847 KB,
  statically linked, stripped). Built natively on an IBM POWER S824
  (Ubuntu 20.04 LTS, GCC 9.4, libseccomp 2.5.4) using the updated
  build.ts pipeline.

Build environment to reproduce:

    sudo apt install libseccomp-dev  # or build from source with gperf
    cd vendor/seccomp-src
    gcc -static -O2 -Wall -Wextra -o /tmp/seccomp-unix-block \
        seccomp-unix-block.c -lseccomp
    /tmp/seccomp-unix-block /tmp/ppc64le.bpf powerpc64le
    # ... generate unix-block-bpf.h ...
    gcc -static -O2 -Wall -Wextra -I /tmp -o vendor/seccomp/ppc64le/apply-seccomp \
        vendor/seccomp-src/apply-seccomp.c -lseccomp
    strip vendor/seccomp/ppc64le/apply-seccomp

Tested on an IBM Power S824 (dual 8-core POWER8, 128 SMT threads, 512 GB
RAM, Ubuntu 20.04). The static binary runs under Node.js v22 built from
source. Pairs with a small cli.js arch-resolver addition on the
@anthropic-ai/claude-code side to actually route to this binary — will
file that separately once this lands, since claude-code is a different
repo.

Size comparison:
  vendor/seccomp/x64/apply-seccomp     = 751 KB (existing)
  vendor/seccomp/arm64/apply-seccomp   = <existing arm64 size>
  vendor/seccomp/ppc64le/apply-seccomp = 847 KB (new, this PR)

Slightly larger than x64 because ppc64le libseccomp.a drags in a bit more
arch-table data; still well under 1 MB.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@Scottcjn

Friendly first ping — adds ppc64le as a third apply-seccomp arch alongside x86_64/aarch64, so Claude Code's sandbox mode no longer emits the "binary not available" warning on POWER8/9/10. Diff is small (+16/-6, syscall table + arch dispatch) and tested on a real POWER8 S824. Ready when someone has a minute.

shindevlin and others added 2 commits May 18, 2026 09:09
Co-authored-by: Grouchly <ubuntclaw@Grouchly.tailbdd0ba.ts.net>
* Add Dependabot configuration

* Add RTC payout wallet metadata

---------

Co-authored-by: dazer1234 <dazer1234@users.noreply.github.com>