Move seccomp enabled check into seccomp package

Signed-off-by: Andrew Pilloud <andrewpilloud@igneoussystems.com>
2017-02-21 16:39:31 -08:00 · 2017-02-21 16:39:31 -08:00 · 2bb4191047
commit 2bb4191047
parent 44e7e88ff3
3 changed files with 23 additions and 19 deletions
--- a/server/server.go
+++ b/server/server.go
@ -6,7 +6,6 @@ import (
 	"io/ioutil"
 	"os"
 	"sync"
-	"syscall"

 	"github.com/Sirupsen/logrus"
 	"github.com/containers/image/types"
@ -425,23 +424,6 @@ func (s *Server) releaseContainerName(name string) {
 	s.ctrNameIndex.Release(name)
 }

-const (
-	// SeccompModeFilter refers to the syscall argument SECCOMP_MODE_FILTER.
-	SeccompModeFilter = uintptr(2)
-)
-
-func seccompEnabled() bool {
-	var enabled bool
-	// Check if Seccomp is supported, via CONFIG_SECCOMP.
-	if _, _, err := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_GET_SECCOMP, 0, 0); err != syscall.EINVAL {
-		// Make sure the kernel has CONFIG_SECCOMP_FILTER.
-		if _, _, err := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_SET_SECCOMP, SeccompModeFilter, 0); err != syscall.EINVAL {
-			enabled = true
-		}
-	}
-	return enabled
-}
-
 // Shutdown attempts to shut down the server's storage cleanly
 func (s *Server) Shutdown() error {
 	_, err := s.store.Shutdown(false)
@ -491,7 +473,7 @@ func New(config *Config) (*Server, error) {
 			sandboxes:  sandboxes,
 			containers: containers,
 		},
-		seccompEnabled:  seccompEnabled(),
+		seccompEnabled:  seccomp.IsEnabled(),
 		appArmorEnabled: apparmor.IsEnabled(),
 		appArmorProfile: config.ApparmorProfile,
 	}