diff --git a/.gitignore b/.gitignore
index 50485059..59b6efe0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -11,3 +11,4 @@ ocid.conf
 test/bin2img/bin2img
 test/copyimg/copyimg
 test/testdata/redis-image
+test/checkseccomp/checkseccomp
diff --git a/Makefile b/Makefile
index 9a37318c..f4efef6a 100644
--- a/Makefile
+++ b/Makefile
@@ -50,6 +50,9 @@ bin2img:
 copyimg:
 make -C test/$@
+checkseccomp:
+ make -C test/$@
+
 ocid:
 ifndef GOPATH
 $(error GOPATH is not set)
@@ -82,6 +85,7 @@ clean:
 make -C pause clean
 make -C test/bin2img clean
 make -C test/copyimg clean
+ make -C test/checkseccomp clean
 ocidimage:
 docker build -t ${OCID_IMAGE} .
@@ -95,7 +99,7 @@ integration: ocidimage
 localintegration: binaries
 ./test/test_runner.sh ${TESTFLAGS}
-binaries: ocid ocic kpod conmon pause bin2img copyimg
+binaries: ocid ocic kpod conmon pause bin2img copyimg checkseccomp
 MANPAGES_MD := $(wildcard docs/*.md)
 MANPAGES := $(MANPAGES_MD:%.md=%)
@@ -191,6 +195,7 @@ install.tools: .install.gitvalidation .install.gometalinter .install.md2man
 .PHONY: \
 bin2img \
 binaries \
+ checkseccomp \
 clean \
 conmon \
 copyimg \
diff --git a/test/checkseccomp/Makefile b/test/checkseccomp/Makefile
new file mode 100644
index 00000000..fc3ba4fb
--- /dev/null
+++ b/test/checkseccomp/Makefile
@@ -0,0 +1,6 @@
+checkseccomp: $(wildcard *.go)
+ go build -o $@
+ .PHONY: clean
+ clean:
+ rm -f checkseccomp
diff --git a/test/checkseccomp/checkseccomp.go b/test/checkseccomp/checkseccomp.go
new file mode 100644
index 00000000..06a2f69c
--- /dev/null
+++ b/test/checkseccomp/checkseccomp.go
@@ -0,0 +1,22 @@
+package main
+
+import (
+ "os"
+ "syscall"
+)
+
+const (
+ // SeccompModeFilter refers to the syscall argument SECCOMP_MODE_FILTER.
+ SeccompModeFilter = uintptr(2)
+)
+
+func main() {
+ // Check if Seccomp is supported, via CONFIG_SECCOMP.
+ if _, _, err := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_GET_SECCOMP, 0, 0); err != syscall.EINVAL {
+ // Make sure the kernel has CONFIG_SECCOMP_FILTER.
+ if _, _, err := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_SET_SECCOMP, SeccompModeFilter, 0); err != syscall.EINVAL {
+ os.Exit(0)
+ }
+ }
+ os.Exit(1)
+}
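Review bot: The failure path of `main` exits 1 silently, so a failing `checkseccomp` run cannot tell the caller whether the kernel lacks CONFIG_SECCOMP (the `PR_GET_SECCOMP` call) or CONFIG_SECCOMP_FILTER (the `PR_SET_SECCOMP` call), and the reason EINVAL is the discriminator is undocumented. Both prctl calls pass 0 as the filter argument so nothing is ever installed; the implicit assumption is that a kernel with filter support rejects the NULL filter pointer with some errno other than EINVAL (presumably EFAULT, worth confirming against the kernels CI targets), while a kernel without it rejects the mode itself with EINVAL, and a comment should say so. I would turn the nested ifs into guard clauses and write the reason to stderr before each `os.Exit(1)`, which also needs `"fmt"` added to the import block. Per prctl(2), `PR_GET_SECCOMP` kills the caller with SIGKILL if the process is already in strict mode, so a short comment warning that this helper must not itself run under a strict-mode sandbox would save the next person a confusing test failure.
```go
func main() {
	// prctl(PR_GET_SECCOMP) fails with EINVAL only on kernels built without
	// CONFIG_SECCOMP. Note: it SIGKILLs a caller already in strict mode.
	if _, _, err := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_GET_SECCOMP, 0, 0); err == syscall.EINVAL {
		fmt.Fprintln(os.Stderr, "seccomp not supported by this kernel (CONFIG_SECCOMP):", err)
		os.Exit(1)
	}
	// A NULL filter pointer means nothing is installed. EINVAL here means the
	// kernel lacks CONFIG_SECCOMP_FILTER; any other errno (e.g. EFAULT for the
	// bad pointer) means filter mode exists.
	if _, _, err := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_SET_SECCOMP, SeccompModeFilter, 0); err == syscall.EINVAL {
		fmt.Fprintln(os.Stderr, "seccomp filter mode not supported by this kernel (CONFIG_SECCOMP_FILTER):", err)
		os.Exit(1)
	}
	os.Exit(0)
}
```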