| // +build linux,seccomp |
| |
| package system |
| |
| import ( |
| "sync" |
| |
| "golang.org/x/sys/unix" |
| ) |
| |
| var seccompSupported bool |
| var seccompOnce sync.Once |
| |
| func SeccompSupported() bool { |
| seccompOnce.Do(func() { |
| seccompSupported = getSeccompSupported() |
| }) |
| return seccompSupported |
| } |
| |
| func getSeccompSupported() bool { |
| if err := unix.Prctl(unix.PR_GET_SECCOMP, 0, 0, 0, 0); err != unix.EINVAL { |
| // Make sure the kernel has CONFIG_SECCOMP_FILTER. |
| if err := unix.Prctl(unix.PR_SET_SECCOMP, unix.SECCOMP_MODE_FILTER, 0, 0, 0); err != unix.EINVAL { |
| return true |
| } |
| } |
| return false |
| } |