libcontainer: use Prctl() from x/sys/unix

Use unix.Prctl() instead of manually reimplementing it using unix.RawSyscall. Also use unix.SECCOMP_MODE_FILTER instead of locally defining it. Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2025-12-24 11:50:58 +08:00 · 2017-07-03 14:05:28 +02:00
parent 05ea5e47aa
commit a380fae959
2 changed files with 6 additions and 10 deletions
--- a/libcontainer/system/linux.go
+++ b/libcontainer/system/linux.go
@@ -64,7 +64,7 @@ func Prlimit(pid, resource int, limit unix.Rlimit) error {
 }

 func SetParentDeathSignal(sig uintptr) error {
-	if _, _, err := unix.RawSyscall(unix.SYS_PRCTL, unix.PR_SET_PDEATHSIG, sig, 0); err != 0 {
+	if err := unix.Prctl(unix.PR_SET_PDEATHSIG, sig, 0, 0, 0); err != nil {
 		return err
 	}
 	return nil
@@ -72,15 +72,14 @@ func SetParentDeathSignal(sig uintptr) error {

 func GetParentDeathSignal() (ParentDeathSignal, error) {
 	var sig int
-	_, _, err := unix.RawSyscall(unix.SYS_PRCTL, unix.PR_GET_PDEATHSIG, uintptr(unsafe.Pointer(&sig)), 0)
-	if err != 0 {
+	if err := unix.Prctl(unix.PR_GET_PDEATHSIG, uintptr(unsafe.Pointer(&sig)), 0, 0, 0); err != nil {
 		return -1, err
 	}
 	return ParentDeathSignal(sig), nil
 }

 func SetKeepCaps() error {
-	if _, _, err := unix.RawSyscall(unix.SYS_PRCTL, unix.PR_SET_KEEPCAPS, 1, 0); err != 0 {
+	if err := unix.Prctl(unix.PR_SET_KEEPCAPS, 1, 0, 0, 0); err != nil {
 		return err
 	}

@@ -88,7 +87,7 @@ func SetKeepCaps() error {
 }

 func ClearKeepCaps() error {
-	if _, _, err := unix.RawSyscall(unix.SYS_PRCTL, unix.PR_SET_KEEPCAPS, 0, 0); err != 0 {
+	if err := unix.Prctl(unix.PR_SET_KEEPCAPS, 0, 0, 0, 0); err != nil {
 		return err
 	}