// +build linux,seccomp
|
package system
import (
"sync"
"golang.org/x/sys/unix"
)
// Cached result of the seccomp capability probe and the guard that makes
// the probe run only once per process.
var (
	// seccompSupported holds the probe result; it stays false until
	// seccompOnce has run.
	seccompSupported bool
	// seccompOnce serialises the one-time probe across goroutines.
	seccompOnce sync.Once
)
// SeccompSupported reports whether the running kernel appears to support
// seccomp filter mode. The probe in getSeccompSupported runs at most once
// per process (guarded by seccompOnce); later calls return the cached
// answer, so a change in kernel or sandbox state after the first call is
// not observed.
func SeccompSupported() bool {
	probe := func() {
		seccompSupported = getSeccompSupported()
	}
	seccompOnce.Do(probe)
	return seccompSupported
}
// getSeccompSupported probes the kernel for seccomp filter support using
// two prctl calls and reports true only when neither returns EINVAL.
//
// The second call passes 0 as the filter argument, so no filter program is
// supplied; presumably a kernel with CONFIG_SECCOMP_FILTER rejects that with
// an errno other than EINVAL (typically EFAULT) without changing the
// process's seccomp state.
//
// NOTE(review): any result other than EINVAL, including a nil error or an
// errno such as EPERM from an outer sandbox, is treated as "supported".
// Callers that go on to load a filter should still handle failure at load
// time rather than rely on this answer alone.
func getSeccompSupported() bool {
	// EINVAL here means the kernel does not know PR_GET_SECCOMP at all.
	if err := unix.Prctl(unix.PR_GET_SECCOMP, 0, 0, 0, 0); err == unix.EINVAL {
		return false
	}
	// Make sure the kernel has CONFIG_SECCOMP_FILTER.
	err := unix.Prctl(unix.PR_SET_SECCOMP, unix.SECCOMP_MODE_FILTER, 0, 0, 0)
	return err != unix.EINVAL
}