summaryrefslogtreecommitdiffstats
path: root/src/nspawn
diff options
context:
space:
mode:
authorMichał Górny <mgorny@gentoo.org>2024-11-17 16:34:35 +0100
committerYu Watanabe <watanabe.yu+github@gmail.com>2024-11-18 03:43:35 +0100
commit7fd70a532681c0ea4cd6ff04d1a7950dae3efc8c (patch)
tree7528a3465326031833118fdfd34f29d03cb4de87 /src/nspawn
parentpo: Translated using Weblate (Hebrew) (diff)
downloadsystemd-7fd70a532681c0ea4cd6ff04d1a7950dae3efc8c.tar.xz
systemd-7fd70a532681c0ea4cd6ff04d1a7950dae3efc8c.zip
nspawn: Include arm_fadvise64_64 in syscall allow_list
Add the `arm_fadvise64_64` syscall to the allow_list, in addition to the existing `fadvise64` and `fadvise64_64` syscalls, as this is the syscall actually defined for `arm` architecture. Adding it fixes the syscall being rejected in arm32 containers. Fixes #35194
Diffstat (limited to 'src/nspawn')
-rw-r--r--src/nspawn/nspawn-seccomp.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/src/nspawn/nspawn-seccomp.c b/src/nspawn/nspawn-seccomp.c
index 4d45651b3b..e85c3c72cc 100644
--- a/src/nspawn/nspawn-seccomp.c
+++ b/src/nspawn/nspawn-seccomp.c
@@ -50,6 +50,7 @@ static int add_syscall_filters(
{ CAP_IPC_LOCK, "@memlock" },
/* Plus a good set of additional syscalls which are not part of any of the groups above */
+ { 0, "arm_fadvise64_64" },
{ 0, "brk" },
{ 0, "capget" },
{ 0, "capset" },