30 lines
566 B
Go
30 lines
566 B
Go
|
// +build linux
|
||
|
|
||
|
package system
|
||
|
|
||
|
import (
|
||
|
"sync"
|
||
|
|
||
|
"golang.org/x/sys/unix"
|
||
|
)
|
||
|
|
||
|
var seccompSupported bool
|
||
|
var seccompOnce sync.Once
|
||
|
|
||
|
func SeccompSupported() bool {
|
||
|
seccompOnce.Do(func() {
|
||
|
seccompSupported = getSeccompSupported()
|
||
|
})
|
||
|
return seccompSupported
|
||
|
}
|
||
|
|
||
|
func getSeccompSupported() bool {
|
||
|
if err := unix.Prctl(unix.PR_GET_SECCOMP, 0, 0, 0, 0); err != unix.EINVAL {
|
||
|
// Make sure the kernel has CONFIG_SECCOMP_FILTER.
|
||
|
if err := unix.Prctl(unix.PR_SET_SECCOMP, unix.SECCOMP_MODE_FILTER, 0, 0, 0); err != unix.EINVAL {
|
||
|
return true
|
||
|
}
|
||
|
}
|
||
|
return false
|
||
|
}
|