+static inline __attribute__((unused)) int
+qemu_seccomp(unsigned int operation, unsigned int flags, void *args)
+{
+#ifdef __NR_seccomp
+ return syscall(__NR_seccomp, operation, flags, args);
+#else
+ errno = ENOSYS;
+ return -1;
+#endif
+}
+
+static uint32_t qemu_seccomp_get_action(int set)
+{
+ switch (set) {
+ case QEMU_SECCOMP_SET_DEFAULT:
+ case QEMU_SECCOMP_SET_OBSOLETE:
+ case QEMU_SECCOMP_SET_PRIVILEGED:
+ case QEMU_SECCOMP_SET_SPAWN: {
+#if defined(SECCOMP_GET_ACTION_AVAIL) && defined(SCMP_ACT_KILL_PROCESS) && \
+ defined(SECCOMP_RET_KILL_PROCESS)
+ static int kill_process = -1;
+ if (kill_process == -1) {
+ uint32_t action = SECCOMP_RET_KILL_PROCESS;
+
+ if (qemu_seccomp(SECCOMP_GET_ACTION_AVAIL, 0, &action) == 0) {
+ kill_process = 1;
+ }
+ kill_process = 0;
+ }
+ if (kill_process == 1) {
+ return SCMP_ACT_KILL_PROCESS;
+ }
+#endif
+ return SCMP_ACT_TRAP;
+ }
+
+ case QEMU_SECCOMP_SET_RESOURCECTL:
+ return SCMP_ACT_ERRNO(EPERM);
+
+ default:
+ g_assert_not_reached();
+ }
+}