Merge pull request #42796 from thaJeztah/containerd_seccomp_check

pkg/sysinfo: use containerd/pkg/seccomp.IsEnabled()
Akihiro Suda
2021-08-29 03:05:59 +09:00
committed by GitHub
4 changed files with 130 additions and 17 deletions


@@ -5,12 +5,11 @@ import (
"os"
"path"
"strings"
"sync"
cdcgroups "github.com/containerd/cgroups"
cdseccomp "github.com/containerd/containerd/pkg/seccomp"
"github.com/opencontainers/runc/libcontainer/cgroups"
"github.com/sirupsen/logrus"
"golang.org/x/sys/unix"
)
func findCgroupMountpoints() (map[string]string, error) {
@@ -245,23 +244,9 @@ func applyCgroupNsInfo(info *SysInfo) {
}
}
var (
seccompOnce sync.Once
seccompEnabled bool
)
// applySeccompInfo checks if Seccomp is supported, via CONFIG_SECCOMP.
func applySeccompInfo(info *SysInfo) {
seccompOnce.Do(func() {
// Check if Seccomp is supported, via CONFIG_SECCOMP.
if err := unix.Prctl(unix.PR_GET_SECCOMP, 0, 0, 0, 0); err != unix.EINVAL {
// Make sure the kernel has CONFIG_SECCOMP_FILTER.
if err := unix.Prctl(unix.PR_SET_SECCOMP, unix.SECCOMP_MODE_FILTER, 0, 0, 0); err != unix.EINVAL {
seccompEnabled = true
}
}
})
info.Seccomp = seccompEnabled
info.Seccomp = cdseccomp.IsEnabled()
}
func cgroupEnabled(mountPoint, name string) bool {
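Review bot: The doc comment kept on applySeccompInfo still says the check is made "via CONFIG_SECCOMP", but the new body only forwards the result of `cdseccomp.IsEnabled()`, so the comment no longer describes anything this file does. The removed probe also required CONFIG_SECCOMP_FILTER (the `PR_SET_SECCOMP` / `SECCOMP_MODE_FILTER` call) and cached its answer with `sync.Once`. Whether the vendored helper keeps both properties is not visible in this section and should be confirmed against the vendored containerd revision, because `info.Seccomp` is presumably what the rest of the daemon reads to decide whether seccomp filtering is available on the host. I would reword the comment along the lines of `// applySeccompInfo sets info.Seccomp from containerd's seccomp.IsEnabled(), which is expected to report kernel support for seccomp filter mode (CONFIG_SECCOMP and CONFIG_SECCOMP_FILTER).`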