On Aug 1, 2016, at 2:40 PM, Felipe Sateler <fsate...@debian.org> wrote:

> On 28 July 2016 at 17:04, Michael Biebl <bi...@debian.org> wrote:
>> Am 28.07.2016 um 22:50 schrieb Rick Thomas:
>>> In the interest of having a working system, I reverted that machine to 
>>> systemd version 230-7.  Unsurprisingly, the problem went away.
>>> 
>>> I’ll try re-installing 231-1 and commenting that line.  I’ll probably have 
>>> a chance tonight.  I’ll report when I have something.
>>> 
>>> It may be worth noticing that other things failed as well when 231-1 was 
>>> in.  I’m attaching a ‘grep -i fail -C20’ of the screen log.  Of particular 
>>> note are “Failed to start Raise network interfaces” and “Failed to start 
>>> Login Service.”
>>> 
>>> Are there other places where I should remove a “SystemCallFilter” ?
>>> 
>> 
>> Various units were locked down like e.g. in
>> https://github.com/systemd/systemd/commit/4e069746fe0de1f60bd1b75c113b0f40ffe86736
>> 
>> If the SystemCallFilter= is what causes journald to fail, it's likely it
>> also affects those other services.
> 
> Turns out seccomp is disabled in the arm* kernels:
> 
> % grep SECCOMP boot/config-4.6.0-1-marvell
> CONFIG_HAVE_ARCH_SECCOMP_FILTER=y
> # CONFIG_SECCOMP is not set
> 
> % grep SECCOMP boot/config-4.6.0-1-armmp
> CONFIG_HAVE_ARCH_SECCOMP_FILTER=y
> # CONFIG_SECCOMP is not set
> 
> So I think the kernel should enable SECCOMP.
> 
> However, I think systemd should also simply (warn and) ignore seccomp
> calls if seccomp is not available in the current kernel.
> 
> -- 
> 
> Saludos,
> Felipe Sateler

Thanks, Filipe!

What do we have to do at this point to test this and then translate it into a 
patch?

Michael, do you have any suggestions?

Thanks!
Rick

Reply via email to