Bug#984573: systemd: backport support for SYSTEMD_SECCOMP to Buster

[Michael Biebl]

Am 05.03.21 um 13:10 schrieb Luca Boccassi:
> Control: tags -1 -moreinfo
> 
> On Fri, 2021-03-05 at 12:56 +0100, Michael Biebl wrote:
>> Control: fixed -1 247-1
>> Control: tags -1 + moreinfo
>>
>> Am 05.03.21 um 11:49 schrieb Luca Boccassi:
>>> Package: systemd
>>> Version: 241-7~deb10u6
>>> Tags: buster
>>>
>>> Dear Maintainer(s),
>>>
>>> Since glibc 2.33 faccessat() is implemented via faccessat2(), which
>>> is breaking running containers that use such version of glibc under
>>> systemd-nspawn in Buster.
>>>
>>
>> I assume you have non-Debian containers in mind here? Even Debian
>> unstable only has glibc 2.31
> 
> Yes - Archlinux-based or Fedora Rawhide-based containers for example
> are affected as of now.
> 
>>> https://github.com/systemd/systemd/commit/ce8f6d478e3f6c6a313fb19615aa5029bb18f86d
>>
>> Have you verified that applying this commit on top of v241 is sufficient
>> to run such containers?
> 
> Not directly - it was verified (by Frantisek, CC'ed) to fix the issue
> when backporting to v245 on Ubuntu Focal. We've asked for the backport
> there as well, so I'm trying to ensure other LTS distros get this
> workaround as well, since as we move forward and the new glibc spreads
> to more container runtimes, the affected base will grow.
> 
> The code change applies cleanly on both v241 and v245 (there's a
> conflict in the doc/ file, but that's obviously trivial to deal with).
> 

Ok. Thanks for the additional information.
I've usertagged it so it shows up at
https://bugs.debian.org/cgi-bin/pkgreport.cgi?users=pkg-systemd-maintainers@lists.alioth.debian.org;tag=buster-backport;dist=stable

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20210305/d01b526e/attachment-0001.sig>