Diffstat (limited to '')
-rw-r--r-- | debian/patches/debian/udev-drop-SystemCallArchitectures-native-from-systemd-ude.patch | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/debian/patches/debian/udev-drop-SystemCallArchitectures-native-from-systemd-ude.patch b/debian/patches/debian/udev-drop-SystemCallArchitectures-native-from-systemd-ude.patch
new file mode 100644
index 0000000..5ad154b
--- /dev/null
+++ b/debian/patches/debian/udev-drop-SystemCallArchitectures-native-from-systemd-ude.patch
@@ -0,0 +1,25 @@
+From: Michael Biebl <biebl@debian.org>
+Date: Tue, 19 Nov 2019 09:10:23 +0100
+Subject: udev: drop SystemCallArchitectures=native from systemd-udevd.service
+
+We can't really control what helper programs are run from other udev
+rules. E.g. running i386 binaries under amd64 is a valid use case and
+should not trigger a SIGSYS failure.
+
+Closes: #869719
+---
+ units/systemd-udevd.service.in | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/units/systemd-udevd.service.in b/units/systemd-udevd.service.in
+index e9dbe85..22ca8b9 100644
+--- a/units/systemd-udevd.service.in
++++ b/units/systemd-udevd.service.in
+@@ -37,7 +37,6 @@ RestrictSUIDSGID=yes
+ SystemCallFilter=@system-service @module @raw-io bpf
+ SystemCallFilter=~@clock
+ SystemCallErrorNumber=EPERM
+-SystemCallArchitectures=native
+ LockPersonality=yes
+ IPAddressDeny=any
+ {{SERVICE_WATCHDOG}} |
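Review bot: The patch description explains the compatibility reason for removing `SystemCallArchitectures=native` but does not record the hardening cost. systemd.exec(5) recommends pairing several seccomp-based restrictions with that setting on multi-ABI systems, so that the alternative ABI cannot be used to sidestep them. Only part of the unit is visible in the embedded hunk, so which of those options udevd sets besides the `SystemCallFilter=` lines is not confirmed here. I would add a sentence to the description along the lines of `Note: this relaxes the seccomp sandbox for udevd and every helper it spawns; systems that never run foreign-architecture helpers can restore it with a drop-in setting SystemCallArchitectures=native.` That keeps the trade-off visible to anyone auditing the Debian delta against upstream.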