mirror of
https://github.com/containers/podman.git
synced 2025-11-13 01:29:06 +08:00
57cdc21b00
Update the login tests to reflect the latest changes to allow http{s}
prefixes (again) to address bugzilla.redhat.com/show_bug.cgi?id=2062072.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
51 lines
1.4 KiB
Go
51 lines
1.4 KiB
Go
//go:build linux && seccomp
|
|
// +build linux,seccomp
|
|
|
|
package seccomp
|
|
|
|
import (
|
|
"sync"
|
|
|
|
"golang.org/x/sys/unix"
|
|
)
|
|
|
|
var (
|
|
supported bool
|
|
supOnce sync.Once
|
|
)
|
|
|
|
// IsSupported returns true if the system has been configured to support
|
|
// seccomp (including the check for CONFIG_SECCOMP_FILTER kernel option).
|
|
func IsSupported() bool {
|
|
// Excerpts from prctl(2), section ERRORS:
|
|
//
|
|
// EACCES
|
|
// option is PR_SET_SECCOMP and arg2 is SECCOMP_MODE_FILTER, but
|
|
// the process does not have the CAP_SYS_ADMIN capability or has
|
|
// not set the no_new_privs attribute <...>.
|
|
// <...>
|
|
// EFAULT
|
|
// option is PR_SET_SECCOMP, arg2 is SECCOMP_MODE_FILTER, the
|
|
// system was built with CONFIG_SECCOMP_FILTER, and arg3 is an
|
|
// invalid address.
|
|
// <...>
|
|
// EINVAL
|
|
// option is PR_SET_SECCOMP or PR_GET_SECCOMP, and the kernel
|
|
// was not configured with CONFIG_SECCOMP.
|
|
//
|
|
// EINVAL
|
|
// option is PR_SET_SECCOMP, arg2 is SECCOMP_MODE_FILTER,
|
|
// and the kernel was not configured with CONFIG_SECCOMP_FILTER.
|
|
// <end of quote>
|
|
//
|
|
// Meaning, in case these kernel options are set (this is what we check
|
|
// for here), we will get some other error (most probably EACCES or
|
|
// EFAULT). IOW, EINVAL means "seccomp not supported", any other error
|
|
// means it is supported.
|
|
|
|
supOnce.Do(func() {
|
|
supported = unix.Prctl(unix.PR_SET_SECCOMP, unix.SECCOMP_MODE_FILTER, 0, 0, 0) != unix.EINVAL
|
|
})
|
|
return supported
|
|
}
|