Bug#984573: systemd: backport support for SYSTEMD_SECCOMP to Buster

Luca Boccassi bluca at debian.org
Fri Mar 5 10:49:49 GMT 2021

Package: systemd
Version: 241-7~deb10u6
Tags: buster

Dear Maintainer(s),

Since glibc 2.33 faccessat() is implemented via faccessat2(), which
is breaking running containers that use such version of glibc under
systemd-nspawn in Buster.

This is because faccessat2 is not in the "known" seccomp set of
syscalls (
). Also, without https://github.com/systemd/systemd/pull/16819/commits
seccomp would still return EPERM instead of ENOSYS for faccessat2(), thus breaking the internal fallback to the original faccessat() implementation.

It would be great thus if the following could be backported to Buster
in the next proposed-updates upload:


This would allow to run such new containers via nspawn on Buster.

Thank you!

Kind regards,
Luca Boccassi
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20210305/0eaee35f/attachment.sig>

More information about the Pkg-systemd-maintainers mailing list