Merge pull request #666 from tklauser/seccomp-x-sys-unix

Use Prctl() and associated constants from x/sys/unix
Mrunal Patel 2017-07-18 09:58:40 -07:00 committed by GitHub
commit 2b18d58d60
113 changed files with 37870 additions and 17752 deletions


@ -16,14 +16,11 @@ import (
// IsEnabled returns true if seccomp is enabled for the host.
func IsEnabled() bool {
// seccompModeFilter refers to the syscall argument SECCOMP_MODE_FILTER.
const seccompModeFilter = uintptr(2)
enabled := false
// Check if Seccomp is supported, via CONFIG_SECCOMP.
if _, _, err := unix.RawSyscall(unix.SYS_PRCTL, unix.PR_GET_SECCOMP, 0, 0); err != unix.EINVAL {
if err := unix.Prctl(unix.PR_GET_SECCOMP, 0, 0, 0, 0); err != unix.EINVAL {
// Make sure the kernel has CONFIG_SECCOMP_FILTER.
if _, _, err := unix.RawSyscall(unix.SYS_PRCTL, unix.PR_SET_SECCOMP, seccompModeFilter, 0); err != unix.EINVAL {
if err := unix.Prctl(unix.PR_SET_SECCOMP, unix.SECCOMP_MODE_FILTER, 0, 0, 0); err != unix.EINVAL {
enabled = true
}
}
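Review bot: Both `unix.Prctl(...)` probes treat every result other than `unix.EINVAL` as a positive, so an unrelated errno (for instance a denial imposed by an outer sandbox) would make IsEnabled report seccomp as available when it may not be usable. The inner probe passes a null filter pointer, and prctl(2) documents EFAULT as the result on a kernel built with CONFIG_SECCOMP_FILTER. A comment such as `// NULL filter: expect EFAULT if filter mode is supported, EINVAL if not` would record why the call never installs anything. Matching the expected value positively, `err == unix.EFAULT`, would make the detection fail closed. prctl(2) also notes that PR_GET_SECCOMP delivers SIGKILL to a caller already in strict mode, which deserves a mention in the doc comment on IsEnabled. The function body continues past the end of this hunk.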