LoadFilter loads a seccomp system call filter into the kernel for this process. This feature is only available on Linux 3.17+. If c is nil or does not contain a seccomp policy then a default policy will be used.
An error is returned if there is a config validation problem. Otherwise any errors interfacing with the kernel are logged (i.e. it is non-fatal if seccomp cannot be setup).
Policy precedence order (highest to lowest): - Policy values from config - Application registered policy - Default policy (a simple blacklist)
ModifyDefaultPolicy modifies the syscalls in the default policy. Any callers of this function must first check the architecture because policies are architecture specific.
func MustRegisterPolicy(p *seccomp.Policy)
MustRegisterPolicy registers a seccomp policy to use instead of the default policy. This can be used to register an application specific seccomp policy that is tailored to the specific system calls that the application requires. It panics if a policy has already been registered or if the given policy is invalid.
PolicyChangeType specifies the type of change to make to a seccomp policy.