seccomp: use Prctl() from x/sys/unix

Use unix.Prctl() instead of manually reimplementing it using
unix.RawSyscall. Also use unix.SECCOMP_MODE_FILTER instead of locally
defining it.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>

server/seccomp/seccomp.go

@@ -16,14 +16,11 @@ import (
 
 // IsEnabled returns true if seccomp is enabled for the host.
 func IsEnabled() bool {
-	// seccompModeFilter refers to the syscall argument SECCOMP_MODE_FILTER.
-	const seccompModeFilter = uintptr(2)
-
 	enabled := false
 	// Check if Seccomp is supported, via CONFIG_SECCOMP.
-	if _, _, err := unix.RawSyscall(unix.SYS_PRCTL, unix.PR_GET_SECCOMP, 0, 0); err != unix.EINVAL {
+	if err := unix.Prctl(unix.PR_GET_SECCOMP, 0, 0, 0, 0); err != unix.EINVAL {
 		// Make sure the kernel has CONFIG_SECCOMP_FILTER.
-		if _, _, err := unix.RawSyscall(unix.SYS_PRCTL, unix.PR_SET_SECCOMP, seccompModeFilter, 0); err != unix.EINVAL {
+		if err := unix.Prctl(unix.PR_SET_SECCOMP, unix.SECCOMP_MODE_FILTER, 0, 0, 0); err != unix.EINVAL {
 			enabled = true
 		}
 	}

test/checkseccomp/checkseccomp.go

@@ -6,16 +6,11 @@ import (
 	"golang.org/x/sys/unix"
 )
 
-const (
-	// SeccompModeFilter refers to the unix argument SECCOMP_MODE_FILTER.
-	SeccompModeFilter = uintptr(2)
-)
-
 func main() {
 	// Check if Seccomp is supported, via CONFIG_SECCOMP.
-	if _, _, err := unix.RawSyscall(unix.SYS_PRCTL, unix.PR_GET_SECCOMP, 0, 0); err != unix.EINVAL {
+	if err := unix.Prctl(unix.PR_GET_SECCOMP, 0, 0, 0, 0); err != unix.EINVAL {
 		// Make sure the kernel has CONFIG_SECCOMP_FILTER.
-		if _, _, err := unix.RawSyscall(unix.SYS_PRCTL, unix.PR_SET_SECCOMP, SeccompModeFilter, 0); err != unix.EINVAL {
+		if err := unix.Prctl(unix.PR_SET_SECCOMP, unix.SECCOMP_MODE_FILTER, 0, 0, 0); err != unix.EINVAL {
 			os.Exit(0)
 		}
 	}