From 92a51af7ba1e44338005696ecce5acc065b1f53a Mon Sep 17 00:00:00 2001
From: Tobias Klauser
Date: Tue, 18 Jul 2017 15:32:15 +0200
Subject: [PATCH] seccomp: use Prctl() from x/sys/unix

Use unix.Prctl() instead of manually reimplementing it using unix.RawSyscall. Also use unix.SECCOMP_MODE_FILTER instead of locally defining it.

Signed-off-by: Tobias Klauser
---
 server/seccomp/seccomp.go | 7 ++-----
 test/checkseccomp/checkseccomp.go | 9 ++-------
 2 files changed, 4 insertions(+), 12 deletions(-)

diff --git a/server/seccomp/seccomp.go b/server/seccomp/seccomp.go
index 188f0ffb..d8ec63d2 100644
--- a/server/seccomp/seccomp.go
+++ b/server/seccomp/seccomp.go
@@ -16,14 +16,11 @@ import (
 
 // IsEnabled returns true if seccomp is enabled for the host.
 func IsEnabled() bool {
- // seccompModeFilter refers to the syscall argument SECCOMP_MODE_FILTER.
- const seccompModeFilter = uintptr(2)
-
 enabled := false
 // Check if Seccomp is supported, via CONFIG_SECCOMP.
- if _, _, err := unix.RawSyscall(unix.SYS_PRCTL, unix.PR_GET_SECCOMP, 0, 0); err != unix.EINVAL {
+ if err := unix.Prctl(unix.PR_GET_SECCOMP, 0, 0, 0, 0); err != unix.EINVAL {
 // Make sure the kernel has CONFIG_SECCOMP_FILTER.
- if _, _, err := unix.RawSyscall(unix.SYS_PRCTL, unix.PR_SET_SECCOMP, seccompModeFilter, 0); err != unix.EINVAL {
+ if err := unix.Prctl(unix.PR_SET_SECCOMP, unix.SECCOMP_MODE_FILTER, 0, 0, 0); err != unix.EINVAL {
 enabled = true
 }
 }
diff --git a/test/checkseccomp/checkseccomp.go b/test/checkseccomp/checkseccomp.go
index 895f2d90..ec7ee102 100644
--- a/test/checkseccomp/checkseccomp.go
+++ b/test/checkseccomp/checkseccomp.go
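Review bot: Both probes in IsEnabled (server/seccomp/seccomp.go) test `err != unix.EINVAL`, so any other result, including an unexpected errno such as EPERM from an outer sandbox, is reported as seccomp support, and the comments do not say which result is the expected one. The PR_SET_SECCOMP call passes a zero filter pointer, so on a kernel with CONFIG_SECCOMP_FILTER it should fail with EFAULT and install nothing; I would add `// A zero filter pointer yields EFAULT when filter mode is supported and EINVAL when it is not; no filter is installed.` above it. If callers skip seccomp when this returns false, leaning towards "enabled" on unknown errors looks like the safer direction, but the callers are not visible here and the doc comment should state that choice. The same probe is repeated in main() in test/checkseccomp/checkseccomp.go, and IsEnabled's body continues past the end of this hunk.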
@@ -6,16 +6,11 @@ import (
 "golang.org/x/sys/unix"
 )
 
-const (
- // SeccompModeFilter refers to the unix argument SECCOMP_MODE_FILTER.
- SeccompModeFilter = uintptr(2)
-)
-
 func main() {
 // Check if Seccomp is supported, via CONFIG_SECCOMP.
- if _, _, err := unix.RawSyscall(unix.SYS_PRCTL, unix.PR_GET_SECCOMP, 0, 0); err != unix.EINVAL {
+ if err := unix.Prctl(unix.PR_GET_SECCOMP, 0, 0, 0, 0); err != unix.EINVAL {
 // Make sure the kernel has CONFIG_SECCOMP_FILTER.
- if _, _, err := unix.RawSyscall(unix.SYS_PRCTL, unix.PR_SET_SECCOMP, SeccompModeFilter, 0); err != unix.EINVAL {
+ if err := unix.Prctl(unix.PR_SET_SECCOMP, unix.SECCOMP_MODE_FILTER, 0, 0, 0); err != unix.EINVAL {
 os.Exit(0)
 }
 }