Package: systemd Version: 241-7~deb10u6 Tags: buster Dear Maintainer(s),
Since glibc 2.33 faccessat() is implemented via faccessat2(), which is breaking running containers that use such version of glibc under systemd-nspawn in Buster. This is because faccessat2 is not in the "known" seccomp set of syscalls ( https://github.com/systemd/systemd/commit/bcf08acbffdee0d6360d3c31d268e73d0623e5dc ). Also, without https://github.com/systemd/systemd/pull/16819/commits seccomp would still return EPERM instead of ENOSYS for faccessat2(), thus breaking the internal fallback to the original faccessat() implementation. It would be great thus if the following could be backported to Buster in the next proposed-updates upload: https://github.com/systemd/systemd/commit/ce8f6d478e3f6c6a313fb19615aa5029bb18f86d This would allow to run such new containers via nspawn on Buster. Thank you! -- Kind regards, Luca Boccassi
signature.asc
Description: This is a digitally signed message part
