diff --git a/pkg/seccomp/seccomp_linux.go b/pkg/seccomp/seccomp_linux.go
index f324bde72..a23b492c6 100644
--- a/pkg/seccomp/seccomp_linux.go
+++ b/pkg/seccomp/seccomp_linux.go
@@ -33,9 +33,16 @@
 package seccomp
 
 import (
+	"sync"
+
 	"golang.org/x/sys/unix"
 )
 
+var (
+	enabled     bool
+	enabledOnce sync.Once
+)
+
 // isEnabled returns whether the kernel has been configured to support seccomp
 // (including the check for CONFIG_SECCOMP_FILTER kernel option).
 func isEnabled() bool {
@@ -65,5 +72,9 @@ func isEnabled() bool {
 	// EFAULT). IOW, EINVAL means "seccomp not supported", any other error
 	// means it is supported.
 
-	return unix.Prctl(unix.PR_SET_SECCOMP, unix.SECCOMP_MODE_FILTER, 0, 0, 0) != unix.EINVAL
+	enabledOnce.Do(func() {
+		enabled = unix.Prctl(unix.PR_SET_SECCOMP, unix.SECCOMP_MODE_FILTER, 0, 0, 0) != unix.EINVAL
+	})
+
+	return enabled
 }