path: root/debian/patches/debian/Drop-seccomp-system-call-filter-for-udev.patch
blob: 4ce4884fbeec12abc52f04b83ce80d1fae73e82a (plain)
From: Michael Biebl <biebl@debian.org>
Date: Wed, 18 Jul 2018 23:49:16 +0200
Subject: Drop seccomp system call filter for udev

The seccomp based system call whitelist requires at least systemd 239 to
be the active init and during a dist-upgrade we can't guarantee that
systemd has been fully configured before udev is restarted.

This partially reverts upstream commit
ee8f26180d01e3ddd4e5f20b03b81e5e737657ae.

Once buster is released, this patch can be dropped.

Closes: #903224
---
 units/systemd-udevd.service.in | 2 --
 1 file changed, 2 deletions(-)

diff --git a/units/systemd-udevd.service.in b/units/systemd-udevd.service.in
index f3458d9..225eac2 100644
--- a/units/systemd-udevd.service.in
+++ b/units/systemd-udevd.service.in
@@ -35,8 +35,6 @@ MemoryDenyWriteExecute=yes
 RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
 RestrictRealtime=yes
 RestrictSUIDSGID=yes
-SystemCallFilter=@system-service @module @raw-io
-SystemCallErrorNumber=EPERM
 SystemCallArchitectures=native
 LockPersonality=yes
 IPAddressDeny=any
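
Review bot: Removing "SystemCallFilter=@system-service @module @raw-io" and "SystemCallErrorNumber=EPERM" drops the system call allow-list from udevd on every installation that ships this unit, while the commit message describes the failure only for the dist-upgrade window before systemd 239 is the active init. The other directives visible in this hunk (MemoryDenyWriteExecute, RestrictAddressFamilies, RestrictRealtime, RestrictSUIDSGID, SystemCallArchitectures=native, LockPersonality, IPAddressDeny) are untouched, so the loss is limited to the allow-list; it would help to state that scope in the description. Because the message says the patch can be dropped once buster is released, consider adding a DEP-3 "Forwarded: not-needed" header and a note on when to drop it, so that the removal is not carried into later releases by accident.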