Bug#832713: systemd: after "systemd (231-1) unstable" update systemd-jurnald.service fails to start
Felipe Sateler
fsateler at debian.org
Wed Aug 3 17:06:53 BST 2016
On 1 August 2016 at 18:32, Rick Thomas <rbthomas at pobox.com> wrote:
>
> On Aug 1, 2016, at 2:40 PM, Felipe Sateler <fsateler at debian.org> wrote:
>
>> On 28 July 2016 at 17:04, Michael Biebl <biebl at debian.org> wrote:
>>> Am 28.07.2016 um 22:50 schrieb Rick Thomas:
>>>> In the interest of having a working system, I reverted that machine to systemd version 230-7. Unsurprisingly, the problem went away.
>>>>
>>>> I’ll try re-installing 231-1 and commenting that line. I’ll probably have a chance tonight. I’ll report when I have something.
>>>>
>>>> It may be worth noticing that other things failed as well when 231-1 was in. I’m attaching a ‘grep -i fail -C20’ of the screen log. Of particular note are “Failed to start Raise network interfaces” and “Failed to start Login Service.”
>>>>
>>>> Are there other places where I should remove a “SystemCallFilter” ?
>>>>
>>>
>>> Various units were locked down like e.g. in
>>> https://github.com/systemd/systemd/commit/4e069746fe0de1f60bd1b75c113b0f40ffe86736
>>>
>>> If the SystemCallFilter= is what causes journald to fail, it's likely it
>>> also affects those other services.
>>
>> Turns out seccomp is disabled in the arm* kernels:
>>
>> % grep SECCOMP boot/config-4.6.0-1-marvell
>> CONFIG_HAVE_ARCH_SECCOMP_FILTER=y
>> # CONFIG_SECCOMP is not set
>>
>> % grep SECCOMP boot/config-4.6.0-1-armmp
>> CONFIG_HAVE_ARCH_SECCOMP_FILTER=y
>> # CONFIG_SECCOMP is not set
>>
>> So I think the kernel should enable SECCOMP.
>>
>> However, I think systemd should also simply (warn and) ignore seccomp
>> calls if seccomp is not available in the current kernel.
>>
>> --
>>
>> Saludos,
>> Felipe Sateler
>
> Thanks, Filipe!
>
> What do we have to do at this point to test this and then translate it into a patch?
OK, so I have a proof-of-concept patch. Rick, could you test it in your machine?
--
Saludos,
Felipe Sateler
-------------- next part --------------
A non-text attachment was scrubbed...
Name: skip-seccomp.patch
Type: text/x-patch
Size: 3930 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20160803/2fcefafb/attachment-0002.bin>
More information about the Pkg-systemd-maintainers
mailing list