func LoadFilter()

in seccomp_linux.go [50:82]


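// LoadFilter assembles filter.Policy into a classic BPF program and installs
// it with the seccomp system call in filter mode.
//
// When filter.NoNewPrivs is set, no_new_privs is enabled through
// SetNoNewPrivs before the filter is loaded. Per seccomp(2), a caller without
// CAP_SYS_ADMIN must have no_new_privs set or the kernel refuses the filter.
//
// filter.Flag is handed to the kernel unchanged. Per seccomp(2), a filter is
// attached only to the calling thread unless thread synchronisation
// (SECCOMP_FILTER_FLAG_TSYNC) is requested, so callers in a multi-threaded
// program should confirm that the flag they pass covers every thread they
// expect to be confined.
//
// Neither no_new_privs nor an installed filter can be undone, so the
// assembled program is validated before either step is taken.
//
// It returns an error if the policy or the BPF instructions cannot be
// assembled, if the assembled program is empty or too long to describe, if
// no_new_privs cannot be set, or if the seccomp call fails.
func LoadFilter(filter Filter) error {
	insts, err := filter.Policy.Assemble()
	if err != nil {
		return fmt.Errorf("failed to assemble policy: %w", err)
	}

	raw, err := bpf.Assemble(insts)
	if err != nil {
		return fmt.Errorf("failed to assemble BPF instructions: %w", err)
	}

	prog := sockFilter(raw)

	// SockFprog.Len is a uint16. Without this bound the conversion below would
	// silently wrap, and the kernel would be handed a truncated program that
	// enforces something other than the policy the caller asked for.
	const maxProgLen = 1<<16 - 1

	// An empty program would panic on &prog[0]; report it as an error instead.
	if len(prog) == 0 {
		return fmt.Errorf("failed loading seccomp filter: assembled program is empty")
	}
	if len(prog) > maxProgLen {
		return fmt.Errorf("failed loading seccomp filter: program has %d "+
			"instructions, more than the %d its length field can hold",
			len(prog), maxProgLen)
	}

	program := &syscall.SockFprog{
		Len:    uint16(len(prog)),
		Filter: &prog[0],
	}

	if filter.NoNewPrivs {
		if err = SetNoNewPrivs(); err != nil {
			return fmt.Errorf("failed to set no_new_privs with prctl: %w", err)
		}
	}

	if err = seccomp(seccompSetModeFilter, filter.Flag, unsafe.Pointer(program)); err != nil {
		// ENOSYS gets its own message so a missing kernel feature is not
		// mistaken for a rejected filter.
		if err == syscall.ENOSYS {
			return fmt.Errorf("failed loading seccomp filter: seccomp "+
				"is not supported by the kernel: %w", err)
		}
		return fmt.Errorf("failed loading seccomp filter: %w", err)
	}

	return nil
}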