Support priv/unpriv image extraction

Optionally add back privileged extraction which can be enabled with LUET_PRIVILEGED_EXTRACT=true Signed-off-by: Ettore Di Giacinto <mudler@sabayon.org>
2025-09-11 20:19:30 +00:00 · 2021-06-16 23:29:23 +02:00
parent 8780e4f16f
commit 92e18d5782
663 changed files with 157764 additions and 203 deletions
--- a/vendor/github.com/moby/buildkit/util/system/seccomp_linux.go
+++ b/vendor/github.com/moby/buildkit/util/system/seccomp_linux.go
@@ -0,0 +1,29 @@
+// +build linux,seccomp
+
+package system
+
+import (
+	"sync"
+
+	"golang.org/x/sys/unix"
+)
+
+var seccompSupported bool
+var seccompOnce sync.Once
+
+func SeccompSupported() bool {
+	seccompOnce.Do(func() {
+		seccompSupported = getSeccompSupported()
+	})
+	return seccompSupported
+}
+
+func getSeccompSupported() bool {
+	if err := unix.Prctl(unix.PR_GET_SECCOMP, 0, 0, 0, 0); err != unix.EINVAL {
+		// Make sure the kernel has CONFIG_SECCOMP_FILTER.
+		if err := unix.Prctl(unix.PR_SET_SECCOMP, unix.SECCOMP_MODE_FILTER, 0, 0, 0); err != unix.EINVAL {
+			return true
+		}
+	}
+	return false
+}