예제 #1
0
func (sc *seccomp) Activate() {
	rc := C.seccomp_load(sc.ctx)
	if rc != 0 {
		panic("Failed to load seccomp rules into kernel.")
	}
	C.seccomp_release(sc.ctx)
}
예제 #2
0
파일: seccomp.go 프로젝트: 40a/bootkube
// Release releases a filter context, freeing its memory. Should be called after
// loading into the kernel, when the filter is no longer needed.
// After calling this function, the given filter is no longer valid and cannot
// be used.
// Release() will be invoked automatically when a filter context is garbage
// collected, but can also be called manually to free memory.
func (f *ScmpFilter) Release() {
	f.lock.Lock()
	defer f.lock.Unlock()

	if !f.valid {
		return
	}

	f.valid = false
	C.seccomp_release(f.filterCtx)
}