func (sc *seccomp) Activate() {
rc := C.seccomp_load(sc.ctx)
if rc != 0 {
panic("Failed to load seccomp rules into kernel.")
}
C.seccomp_release(sc.ctx)
}
// Release releases a filter context, freeing its memory. Should be called after
// loading into the kernel, when the filter is no longer needed.
// After calling this function, the given filter is no longer valid and cannot
// be used.
// Release() will be invoked automatically when a filter context is garbage
// collected, but can also be called manually to free memory.
func (f *ScmpFilter) Release() {
f.lock.Lock()
defer f.lock.Unlock()
if !f.valid {
return
}
f.valid = false
C.seccomp_release(f.filterCtx)
}