diff options
| author | Michał Górny <mgorny@gentoo.org> | 2024-11-17 16:34:35 +0100 |
|---|---|---|
| committer | Yu Watanabe <watanabe.yu+github@gmail.com> | 2024-11-18 03:43:35 +0100 |
| commit | 7fd70a532681c0ea4cd6ff04d1a7950dae3efc8c (patch) | |
| tree | 7528a3465326031833118fdfd34f29d03cb4de87 /src | |
| parent | po: Translated using Weblate (Hebrew) (diff) | |
| download | systemd-7fd70a532681c0ea4cd6ff04d1a7950dae3efc8c.tar.xz systemd-7fd70a532681c0ea4cd6ff04d1a7950dae3efc8c.zip | |
nspawn: Include arm_fadvise64_64 in syscall allow_list
Add the `arm_fadvise64_64` syscall to the allow_list, in addition
to the existing `fadvise64` and `fadvise64_64` syscalls, as this is
the syscall actually defined for `arm` architecture. Adding it fixes
the syscall being rejected in arm32 containers.
Fixes #35194
Diffstat (limited to 'src')
| -rw-r--r-- | src/nspawn/nspawn-seccomp.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/nspawn/nspawn-seccomp.c b/src/nspawn/nspawn-seccomp.c index 4d45651b3b..e85c3c72cc 100644 --- a/src/nspawn/nspawn-seccomp.c +++ b/src/nspawn/nspawn-seccomp.c @@ -50,6 +50,7 @@ static int add_syscall_filters( { CAP_IPC_LOCK, "@memlock" }, /* Plus a good set of additional syscalls which are not part of any of the groups above */ + { 0, "arm_fadvise64_64" }, { 0, "brk" }, { 0, "capget" }, { 0, "capset" }, |