buildkit/util/system/seccomp_linux.go

30 lines
574 B
Go

// +build linux,seccomp
package system
import (
"sync"
"golang.org/x/sys/unix"
)
var seccompSupported bool
var seccompOnce sync.Once
func SeccompSupported() bool {
seccompOnce.Do(func() {
seccompSupported = getSeccompSupported()
})
return seccompSupported
}
func getSeccompSupported() bool {
if err := unix.Prctl(unix.PR_GET_SECCOMP, 0, 0, 0, 0); err != unix.EINVAL {
// Make sure the kernel has CONFIG_SECCOMP_FILTER.
if err := unix.Prctl(unix.PR_SET_SECCOMP, unix.SECCOMP_MODE_FILTER, 0, 0, 0); err != unix.EINVAL {
return true
}
}
return false
}