Bug 1546063 - SystemCallFilter= is broken
Summary: SystemCallFilter= is broken
Status: NEW
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: systemd
Version: 7.5
Hardware: x86_64
OS: Linux
low
medium
Target Milestone: rc
: ---
Assignee: systemd-maint
QA Contact: qe-baseos-daemons
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
Reported: 2018-02-16 09:01 UTC by Susant Sahani
Modified: 2019-03-19 10:20 UTC (History)
Clone Of:
Last Closed:



Description Susant Sahani 2018-02-16 09:01:31 UTC
Description of problem:

SystemCallFilter= is broken 

Version-Release number of selected component (if applicable):
219

How reproducible:
frequent

Steps to Reproduce:

use 
https://github.com/systemd/systemd-fedora-ci/blob/master/execute/exec-systemcallfilter-failing.service

or 

exec-systemcallfilter-failing2.service

Actual results:
SystemCallFilter= is not working 

Expected results:

Should work



Additional info:

Comment 2 Ján Lalinský 2019-03-19 10:20:20 UTC
Also, according to tigalch here:

https://bugs.centos.org/view.php?id=15934#c34042

SECCOMP is not enabled in the RHEL-distributed build of systemd, even though the Linux kernel (I've checked CentOS 3.10.0-957.5.1.el7.x86_64) does support SECCOMP and upstream systemd does support using SECCOMP via SystemCallFilter from version 187.

Is this lack of support of SECCOMP in systemd in RHEL 7 intentional? Is this sort of thing (intentional feature drop) expected to be documented somewhere on Red Hat's site or in package files?
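
Added example (not part of the bug report or of systemd): a shell check for the two conditions the comment above distinguishes, namely whether the systemd build lists `+SECCOMP` or `-SECCOMP` in its `systemctl --version` feature string and whether the kernel config has `CONFIG_SECCOMP_FILTER=y`. The sample strings are constructed for illustration and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample inputs (not captured from a real host).
SAMPLE_WITHOUT='systemd 219
+PAM +AUDIT +SELINUX -APPARMOR -SECCOMP +BLKID +KMOD'
SAMPLE_WITH='systemd 239
+PAM +AUDIT +SELINUX -APPARMOR +SECCOMP +BLKID +KMOD'
SAMPLE_KCONFIG='CONFIG_SECCOMP=y
CONFIG_SECCOMP_FILTER=y'

# $1 = feature name (e.g. SECCOMP), $2 = text of `systemctl --version`.
# Prints enabled, disabled or unknown.
systemd_feature() {
    # One token per line so each flag can be matched as a whole line.
    tokens=$(printf '%s\n' "$2" | tr -s ' \t' '\n')
    if printf '%s\n' "$tokens" | grep -Fxq -- "+$1"; then
        echo enabled
    elif printf '%s\n' "$tokens" | grep -Fxq -- "-$1"; then
        echo disabled
    else
        echo unknown
    fi
}

# $1 = kernel config text. Succeeds if seccomp filter mode is built in.
kernel_has_seccomp_filter() {
    printf '%s\n' "$1" | grep -Fxq 'CONFIG_SECCOMP_FILTER=y'
}

# $1 = version text, $2 = kernel config text.
# Prints whether SystemCallFilter= can be backed by seccomp on that host.
syscallfilter_status() {
    if ! kernel_has_seccomp_filter "$2"; then
        echo "unavailable: kernel lacks CONFIG_SECCOMP_FILTER"
        return
    fi
    case $(systemd_feature SECCOMP "$1") in
        enabled)  echo "available" ;;
        disabled) echo "unavailable: systemd built without SECCOMP" ;;
        *)        echo "unknown: no SECCOMP flag in version output" ;;
    esac
}

syscallfilter_status "$SAMPLE_WITHOUT" "$SAMPLE_KCONFIG"
syscallfilter_status "$SAMPLE_WITH" "$SAMPLE_KCONFIG"
```

On a live host, pass `"$(systemctl --version)"` and `"$(cat /boot/config-$(uname -r))"` instead of the samples.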

