udev: drop SystemCallArchitectures=native from systemd-udevd.service

We can't really control what helper programs are run from other udev
rules. E.g. running i386 binaries under amd64 is a valid use case and
should not trigger a SIGSYS failure.

Closes: #869719
Gbp-Pq: Topic debian
Gbp-Pq: Name udev-drop-SystemCallArchitectures-native-from-systemd-ude.patch

diff --git a/units/systemd-udevd.service.in b/units/systemd-udevd.service.in
index e9dbe85ef4ad06f3f1317183651b5490f7d0d080..22ca8b95d638d7ac4e14dfa4c883ea4dfd6c2168 100644 (file)
--- a/units/systemd-udevd.service.in
+++ b/units/systemd-udevd.service.in
@@ -37,7 +37,6 @@ RestrictSUIDSGID=yes
 SystemCallFilter=@system-service @module @raw-io bpf
 SystemCallFilter=~@clock
 SystemCallErrorNumber=EPERM
-SystemCallArchitectures=native
 LockPersonality=yes
 IPAddressDeny=any
 {{SERVICE_WATCHDOG}}