summaryrefslogtreecommitdiffstats
path: root/debian/patches/debian/udev-drop-SystemCallArchitectures-native-from-systemd-ude.patch
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--debian/patches/debian/udev-drop-SystemCallArchitectures-native-from-systemd-ude.patch25
1 files changed, 25 insertions, 0 deletions
diff --git a/debian/patches/debian/udev-drop-SystemCallArchitectures-native-from-systemd-ude.patch b/debian/patches/debian/udev-drop-SystemCallArchitectures-native-from-systemd-ude.patch
new file mode 100644
index 0000000..5ad154b
--- /dev/null
+++ b/debian/patches/debian/udev-drop-SystemCallArchitectures-native-from-systemd-ude.patch
@@ -0,0 +1,25 @@
+From: Michael Biebl <biebl@debian.org>
+Date: Tue, 19 Nov 2019 09:10:23 +0100
+Subject: udev: drop SystemCallArchitectures=native from systemd-udevd.service
+
+We can't really control what helper programs are run from other udev
+rules. E.g. running i386 binaries under amd64 is a valid use case and
+should not trigger a SIGSYS failure.
+
+Closes: #869719
+---
+ units/systemd-udevd.service.in | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/units/systemd-udevd.service.in b/units/systemd-udevd.service.in
+index e9dbe85..22ca8b9 100644
+--- a/units/systemd-udevd.service.in
++++ b/units/systemd-udevd.service.in
+@@ -37,7 +37,6 @@ RestrictSUIDSGID=yes
+ SystemCallFilter=@system-service @module @raw-io bpf
+ SystemCallFilter=~@clock
+ SystemCallErrorNumber=EPERM
+-SystemCallArchitectures=native
+ LockPersonality=yes
+ IPAddressDeny=any
+ {{SERVICE_WATCHDOG}}