Add LockedLoad, to fix #51

twtiger · Jan 16, 2017 · 88e6c0f · 88e6c0f
1 parent 81110d3
commit 88e6c0f
Showing 1 changed file with 9 additions and 1 deletion.
diff --git a/seccomp.go b/seccomp.go
@@ -157,7 +157,6 @@ func Compile(path string, enforce bool) ([]unix.SockFilter, error) {
 // It has the same signature as CompileBlacklist from Subgraphs go-seccomp and should provide the same behavior.
 // However, the modern interface is through the Prepare function
 func CompileBlacklist(path string, enforce bool) ([]unix.SockFilter, error) {
-
 	settings := SeccompSettings{}
 	settings.DefaultNegativeAction = "allow"
 	settings.DefaultPolicyAction = "allow"
@@ -189,6 +188,15 @@ func Load(bpf []unix.SockFilter) error {
 	return native.InstallSeccomp(prog)
 }
 
+// LockedLoad will run Load with the arguments given while locking the
+// current OS thread. The existing Load can't do that, since LockOSThread is
+// not nestable at the moment
+func LockedLoad(bpf []unix.SockFilter) error {
+	runtime.LockOSThread()
+	defer runtime.UnlockOSThread()
+	return Load(bpf)
+}
+
 // Install will install the given policy filters into the kernel
 func Install(bpf []unix.SockFilter) error {
 	runtime.LockOSThread()