Bug 1856273

Summary: System call blacklist defined for service, and @raw-io is included 0.1
Product: [Fedora] Fedora Reporter: Harald Reindl <h.reindl>
Component: systemdAssignee: systemd-maint
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 32CC: lnykryn, msekleta, ssahani, s, systemd-maint, zbyszek
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: systemd-245.8-2.fc32 systemd-243.9-1.fc31 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-09-23 17:12:48 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Harald Reindl 2020-07-13 09:01:03 UTC 
systemd-243.8-1.fc31.x86_64
"systemd-analyze security servicename"

this is nonsense:
System call blacklist defined for service, and @clock is included               0.1
System call blacklist defined for service, and @debug is included               0.1
System call blacklist defined for service, and @module is included              0.1
System call blacklist defined for service, and @mount is included               0.1
System call blacklist defined for service, and @raw-io is included              0.1
System call blacklist defined for service, and @reboot is included              0.1
System call blacklist defined for service, and @swap is included                0.1

this is correct:
System call blacklist defined for service, and @privileged is not included      0.2
System call blacklist defined for service, and @resources is not included       0.2


SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @swap acct modify_ldt add_key adjtimex clock_adjtime delete_module fanotify_init finit_module get_mempolicy init_module io_destroy io_getevents iopl ioperm io_setup io_submit io_cancel kcmp kexec_load keyctl lookup_dcookie mbind migrate_pages mount move_pages open_by_handle_at perf_event_open pivot_root process_vm_readv process_vm_writev ptrace remap_file_pages request_key set_mempolicy swapoff swapon umount2 uselib vmsplice
Comment 1 Harald Reindl 2020-07-16 14:58:43 UTC 
https://github.com/systemd/systemd/issues/16451
Comment 2 Fedora Update System 2020-09-20 13:20:26 UTC 
FEDORA-2020-0d29e88946 has been submitted as an update to Fedora 32. https://bodhi.fedoraproject.org/updates/FEDORA-2020-0d29e88946
Comment 3 Fedora Update System 2020-09-20 13:22:36 UTC 
FEDORA-2020-dc4f0fb907 has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2020-dc4f0fb907
Comment 4 Fedora Update System 2020-09-20 23:55:21 UTC 
FEDORA-2020-0d29e88946 has been pushed to the Fedora 32 testing repository.
In short time you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-0d29e88946`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-0d29e88946

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 5 Fedora Update System 2020-09-21 00:39:16 UTC 
FEDORA-2020-dc4f0fb907 has been pushed to the Fedora 31 testing repository.
In short time you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-dc4f0fb907`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-dc4f0fb907

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 6 Fedora Update System 2020-09-21 08:01:23 UTC 
FEDORA-2020-0d29e88946 has been submitted as an update to Fedora 32. https://bodhi.fedoraproject.org/updates/FEDORA-2020-0d29e88946
Comment 7 Harald Reindl 2020-09-21 11:10:31 UTC 
problem is that systemd-245.8-1.fc32.x86_64 is completly broken and fails to start a high percentage of my services

https://bugzilla.redhat.com/show_bug.cgi?id=1880989
Comment 8 Fedora Update System 2020-09-21 14:28:26 UTC 
FEDORA-2020-0d29e88946 has been pushed to the Fedora 32 testing repository.
In short time you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-0d29e88946`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-0d29e88946

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 9 Fedora Update System 2020-09-23 17:12:48 UTC 
FEDORA-2020-0d29e88946 has been pushed to the Fedora 32 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 10 Fedora Update System 2020-10-05 18:34:48 UTC 
FEDORA-2020-dc4f0fb907 has been pushed to the Fedora 31 stable repository.
If problem still persists, please make note of it in this bug report.