Bug#984573: systemd: backport support for SYSTEMD_SECCOMP to Buster

Luca Boccassi bluca at debian.org
Fri Mar 5 10:49:49 GMT 2021


Package: systemd
Version: 241-7~deb10u6
Tags: buster

Dear Maintainer(s),

Since glibc 2.33, faccessat() is implemented via faccessat2(), which
breaks running containers that use such a version of glibc under
systemd-nspawn in Buster.

This is because faccessat2 is not in the "known" seccomp set of syscalls
(https://github.com/systemd/systemd/commit/bcf08acbffdee0d6360d3c31d268e73d0623e5dc).
Also, without https://github.com/systemd/systemd/pull/16819/commits
seccomp would still return EPERM instead of ENOSYS for faccessat2(),
thus breaking the internal fallback to the original faccessat()
implementation.

It would thus be great if the following could be backported to Buster
in the next proposed-updates upload:

https://github.com/systemd/systemd/commit/ce8f6d478e3f6c6a313fb19615aa5029bb18f86d

This would allow running such new containers via nspawn on Buster.

Thank you!

-- 
Kind regards,
Luca Boccassi
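
The failure mode described in the report, as an added example that is not part of the original message and is not systemd or glibc code: a child process installs a minimal seccomp filter that fails faccessat2 with a chosen errno, then runs a simplified model of the ENOSYS-only fallback. The names `access_with_fallback` and `probe_under_filter` are hypothetical, and the four-instruction filter is a stand-in for the nspawn filter, not a copy of it.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#ifndef __NR_faccessat2
#define __NR_faccessat2 439 /* x86_64/arm64 value, for headers older than Linux 5.8 */
#endif

/* Simplified model (assumption) of the libc fallback: try faccessat2 and
 * fall back to the original faccessat only when the error is ENOSYS. */
static int access_with_fallback(const char *path) {
    if (syscall(__NR_faccessat2, AT_FDCWD, path, F_OK, 0) == 0) return 0;
    if (errno != ENOSYS) return -errno; /* EPERM lands here: no fallback */
    return syscall(__NR_faccessat, AT_FDCWD, path, F_OK) == 0 ? 0 : -errno;
}

/* Fork, fail faccessat2 with deny_errno inside the child, then probe "/".
 * Returns 0 if "/" was reachable, the errno seen, or -1 if seccomp is unavailable. */
int probe_under_filter(int deny_errno) {
    struct sock_filter f[] = { /* demo only: a real filter also checks the arch */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_faccessat2, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (deny_errno & SECCOMP_RET_DATA)),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = 4, .filter = f };
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) ||
            prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog))
            _exit(255); /* could not install the filter */
        _exit(-access_with_fallback("/"));
    }
    int st;
    if (waitpid(pid, &st, 0) < 0 || !WIFEXITED(st)) return -1;
    return WEXITSTATUS(st) == 255 ? -1 : WEXITSTATUS(st);
}

int main(void) {
    printf("EPERM filter: %d, ENOSYS filter: %d\n",
           probe_under_filter(EPERM), probe_under_filter(ENOSYS));
    return 0;
}
```

With the EPERM filter the probe of "/" fails even though the path exists; with the ENOSYS filter the fallback runs and the probe succeeds.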