1856273 – System call blacklist defined for service, and @raw-io is included 0.1

Bug 1856273 - System call blacklist defined for service, and @raw-io is included 0.1

Summary: System call blacklist defined for service, and @raw-io is included 0.1

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	systemd
Sub Component:
Version:	32
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	systemd-maint
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2020-07-13 09:01 UTC by Harald Reindl
Modified:	2020-10-05 18:34 UTC (History)
CC List:	6 users (show)
Fixed In Version:	systemd-245.8-2.fc32 systemd-243.9-1.fc31
Clone Of:
Environment:
Last Closed:	2020-09-23 17:12:48 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Harald Reindl 2020-07-13 09:01:03 UTC

systemd-243.8-1.fc31.x86_64
"systemd-analyze security servicename"

this is nonsense:
System call blacklist defined for service, and @clock is included               0.1
System call blacklist defined for service, and @debug is included               0.1
System call blacklist defined for service, and @module is included              0.1
System call blacklist defined for service, and @mount is included               0.1
System call blacklist defined for service, and @raw-io is included              0.1
System call blacklist defined for service, and @reboot is included              0.1
System call blacklist defined for service, and @swap is included                0.1

this is correct:
System call blacklist defined for service, and @privileged is not included      0.2
System call blacklist defined for service, and @resources is not included       0.2


SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @swap acct modify_ldt add_key adjtimex clock_adjtime delete_module fanotify_init finit_module get_mempolicy init_module io_destroy io_getevents iopl ioperm io_setup io_submit io_cancel kcmp kexec_load keyctl lookup_dcookie mbind migrate_pages mount move_pages open_by_handle_at perf_event_open pivot_root process_vm_readv process_vm_writev ptrace remap_file_pages request_key set_mempolicy swapoff swapon umount2 uselib vmsplice

Comment 1 Harald Reindl 2020-07-16 14:58:43 UTC

https://github.com/systemd/systemd/issues/16451

Comment 2 Fedora Update System 2020-09-20 13:20:26 UTC

FEDORA-2020-0d29e88946 has been submitted as an update to Fedora 32. https://bodhi.fedoraproject.org/updates/FEDORA-2020-0d29e88946

Comment 3 Fedora Update System 2020-09-20 13:22:36 UTC

FEDORA-2020-dc4f0fb907 has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2020-dc4f0fb907

Comment 4 Fedora Update System 2020-09-20 23:55:21 UTC

FEDORA-2020-0d29e88946 has been pushed to the Fedora 32 testing repository.
In short time you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-0d29e88946`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-0d29e88946

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 5 Fedora Update System 2020-09-21 00:39:16 UTC

FEDORA-2020-dc4f0fb907 has been pushed to the Fedora 31 testing repository.
In short time you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-dc4f0fb907`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-dc4f0fb907

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 6 Fedora Update System 2020-09-21 08:01:23 UTC

FEDORA-2020-0d29e88946 has been submitted as an update to Fedora 32. https://bodhi.fedoraproject.org/updates/FEDORA-2020-0d29e88946

Comment 7 Harald Reindl 2020-09-21 11:10:31 UTC

problem is that systemd-245.8-1.fc32.x86_64 is completly broken and fails to start a high percentage of my services

https://bugzilla.redhat.com/show_bug.cgi?id=1880989

Comment 8 Fedora Update System 2020-09-21 14:28:26 UTC

FEDORA-2020-0d29e88946 has been pushed to the Fedora 32 testing repository.
In short time you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-0d29e88946`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-0d29e88946

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 9 Fedora Update System 2020-09-23 17:12:48 UTC

FEDORA-2020-0d29e88946 has been pushed to the Fedora 32 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 10 Fedora Update System 2020-10-05 18:34:48 UTC

FEDORA-2020-dc4f0fb907 has been pushed to the Fedora 31 stable repository.
If problem still persists, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.