Bug#984573: systemd: backport support for SYSTEMD_SECCOMP to Buster

Luca Boccassi bluca at debian.org
Fri Mar 5 12:10:12 GMT 2021

Control: tags -1 -moreinfo

On Fri, 2021-03-05 at 12:56 +0100, Michael Biebl wrote:
> Control: fixed -1 247-1
> Control: tags -1 + moreinfo
> On 05.03.21 at 11:49, Luca Boccassi wrote:
> > Package: systemd
> > Version: 241-7~deb10u6
> > Tags: buster
> > 
> > Dear Maintainer(s),
> > 
> > Since glibc 2.33 faccessat() is implemented via faccessat2(), which
> > is breaking running containers that use such a version of glibc under
> > systemd-nspawn in Buster.
> > 
> I assume you have non-Debian containers in mind here? Even Debian 
> unstable only has glibc 2.31

Yes - Archlinux-based or Fedora Rawhide-based containers for example
are affected as of now.

> > https://github.com/systemd/systemd/commit/ce8f6d478e3f6c6a313fb19615aa5029bb18f86d
> Have you verified that applying this commit on top of v241 is sufficient 
> to run such containers?

Not directly - it was verified (by Frantisek, CC'ed) to fix the issue
when backporting to v245 on Ubuntu Focal. We've asked for the backport
there as well, so I'm trying to ensure other LTS distros get this
workaround as well, since as we move forward and the new glibc spreads
to more container runtimes, the affected base will grow.

The code change applies cleanly on both v241 and v245 (there's a
conflict in the doc/ file, but that's obviously trivial to deal with).

Kind regards,
Luca Boccassi