cri-o/test/checkseccomp/checkseccomp.go

package main

import (
	"os"

	"golang.org/x/sys/unix"
)

const (
	// SeccompModeFilter refers to the unix argument SECCOMP_MODE_FILTER.
	SeccompModeFilter = uintptr(2)
)

func main() {
	// Check if Seccomp is supported, via CONFIG_SECCOMP.
	if _, _, err := unix.RawSyscall(unix.SYS_PRCTL, unix.PR_GET_SECCOMP, 0, 0); err != unix.EINVAL {
		// Make sure the kernel has CONFIG_SECCOMP_FILTER.
		if _, _, err := unix.RawSyscall(unix.SYS_PRCTL, unix.PR_SET_SECCOMP, SeccompModeFilter, 0); err != unix.EINVAL {
			os.Exit(0)
		}
	}
	os.Exit(1)
}
test: add a custom binary to reliable check seccomp support Signed-off-by: Antonio Murdaca <runcom@redhat.com> 2017-01-19 17:10:47 +00:00			`package main`

			`import (`
			`"os"`
all: Switch from package syscall to golang.org/x/sys/unix The syscall package is locked down and the comment in [1] advises to switch code to use the corresponding package from golang.org/x/sys. Do so and replace usage of package syscall where possible (leave syscall.SysProcAttr and syscall.Stat_t). [1] https://github.com/golang/go/blob/master/src/syscall/syscall.go#L21-L24 This will also allow to get updates and fixes just by re-vendoring golang.org/x/sys/unix instead of having to update to a new go version. Signed-off-by: Tobias Klauser <tklauser@distanz.ch> 2017-06-28 15:47:31 +00:00
			`"golang.org/x/sys/unix"`
test: add a custom binary to reliable check seccomp support Signed-off-by: Antonio Murdaca <runcom@redhat.com> 2017-01-19 17:10:47 +00:00			`)`

			`const (`
all: Switch from package syscall to golang.org/x/sys/unix The syscall package is locked down and the comment in [1] advises to switch code to use the corresponding package from golang.org/x/sys. Do so and replace usage of package syscall where possible (leave syscall.SysProcAttr and syscall.Stat_t). [1] https://github.com/golang/go/blob/master/src/syscall/syscall.go#L21-L24 This will also allow to get updates and fixes just by re-vendoring golang.org/x/sys/unix instead of having to update to a new go version. Signed-off-by: Tobias Klauser <tklauser@distanz.ch> 2017-06-28 15:47:31 +00:00			`// SeccompModeFilter refers to the unix argument SECCOMP_MODE_FILTER.`
test: add a custom binary to reliable check seccomp support Signed-off-by: Antonio Murdaca <runcom@redhat.com> 2017-01-19 17:10:47 +00:00			`SeccompModeFilter = uintptr(2)`
			`)`

			`func main() {`
			`// Check if Seccomp is supported, via CONFIG_SECCOMP.`
all: Switch from package syscall to golang.org/x/sys/unix The syscall package is locked down and the comment in [1] advises to switch code to use the corresponding package from golang.org/x/sys. Do so and replace usage of package syscall where possible (leave syscall.SysProcAttr and syscall.Stat_t). [1] https://github.com/golang/go/blob/master/src/syscall/syscall.go#L21-L24 This will also allow to get updates and fixes just by re-vendoring golang.org/x/sys/unix instead of having to update to a new go version. Signed-off-by: Tobias Klauser <tklauser@distanz.ch> 2017-06-28 15:47:31 +00:00			`if _, _, err := unix.RawSyscall(unix.SYS_PRCTL, unix.PR_GET_SECCOMP, 0, 0); err != unix.EINVAL {`
test: add a custom binary to reliable check seccomp support Signed-off-by: Antonio Murdaca <runcom@redhat.com> 2017-01-19 17:10:47 +00:00			`// Make sure the kernel has CONFIG_SECCOMP_FILTER.`
all: Switch from package syscall to golang.org/x/sys/unix The syscall package is locked down and the comment in [1] advises to switch code to use the corresponding package from golang.org/x/sys. Do so and replace usage of package syscall where possible (leave syscall.SysProcAttr and syscall.Stat_t). [1] https://github.com/golang/go/blob/master/src/syscall/syscall.go#L21-L24 This will also allow to get updates and fixes just by re-vendoring golang.org/x/sys/unix instead of having to update to a new go version. Signed-off-by: Tobias Klauser <tklauser@distanz.ch> 2017-06-28 15:47:31 +00:00			`if _, _, err := unix.RawSyscall(unix.SYS_PRCTL, unix.PR_SET_SECCOMP, SeccompModeFilter, 0); err != unix.EINVAL {`
test: add a custom binary to reliable check seccomp support Signed-off-by: Antonio Murdaca <runcom@redhat.com> 2017-01-19 17:10:47 +00:00			`os.Exit(0)`
			`}`
			`}`
			`os.Exit(1)`
			`}`