On Aug 1, 2016, at 2:40 PM, Felipe Sateler <fsate...@debian.org> wrote:
> On 28 July 2016 at 17:04, Michael Biebl <bi...@debian.org> wrote: >> Am 28.07.2016 um 22:50 schrieb Rick Thomas: >>> In the interest of having a working system, I reverted that machine to >>> systemd version 230-7. Unsurprisingly, the problem went away. >>> >>> I’ll try re-installing 231-1 and commenting that line. I’ll probably have >>> a chance tonight. I’ll report when I have something. >>> >>> It may be worth noticing that other things failed as well when 231-1 was >>> in. I’m attaching a ‘grep -i fail -C20’ of the screen log. Of particular >>> note are “Failed to start Raise network interfaces” and “Failed to start >>> Login Service.” >>> >>> Are there other places where I should remove a “SystemCallFilter” ? >>> >> >> Various units were locked down like e.g. in >> https://github.com/systemd/systemd/commit/4e069746fe0de1f60bd1b75c113b0f40ffe86736 >> >> If the SystemCallFilter= is what causes journald to fail, it's likely it >> also affects those other services. > > Turns out seccomp is disabled in the arm* kernels: > > % grep SECCOMP boot/config-4.6.0-1-marvell > CONFIG_HAVE_ARCH_SECCOMP_FILTER=y > # CONFIG_SECCOMP is not set > > % grep SECCOMP boot/config-4.6.0-1-armmp > CONFIG_HAVE_ARCH_SECCOMP_FILTER=y > # CONFIG_SECCOMP is not set > > So I think the kernel should enable SECCOMP. > > However, I think systemd should also simply (warn and) ignore seccomp > calls if seccomp is not available in the current kernel. > > -- > > Saludos, > Felipe Sateler Thanks, Filipe! What do we have to do at this point to test this and then translate it into a patch? Michael, do you have any suggestions? Thanks! Rick
