seccomp: add support for riscv64
This patch adds seccomp support to the riscv64 architecture. seccomp
support is available in the riscv64 kernel since version 5.5, and it
has just been added to the libseccomp library.
riscv64 uses generic syscalls like aarch64, so I used that architecture
as a reference to find which code has to be modified.
With this patch, the testsuite passes successfully, including the
test-seccomp test. The system boots and works fine with kernel 5.4 (i.e.
without seccomp support) and kernel 5.5 (i.e. with seccomp support). I
have also verified that the "SystemCallFilter=~socket" option prevents a
service to use the ping utility when running on kernel 5.5.
(cherry picked from commit
f9252236c8618f7e0476667076b9a939f0e91967)
Gbp-Pq: Name seccomp-add-support-for-riscv64.patch
test-network: stop networkd and its socket
With the changes from
2c0dffe82db574b6b9e850e48f444674e4e1d7ea, starting
systemd-networkd.service will also activate systemd-networkd.socket.
When tearing down a test, we need to stop the socket as well, to make
sure networkd can't be activated accidentally with the wrong
configuration.
(cherry picked from commit
3aa645f0c0bb7697ef397ffef4647ff105d98fda)
Gbp-Pq: Name test-network-stop-networkd-and-its-socket.patch
networkd: use socket activation when starting networkd
Add After=systemd-networkd.socket to avoid a race condition and networkd
falling back to the non-socket activation code.
Also add Wants=systemd-networkd.socket, so the socket is started when
networkd is started via `systemctl start systemd-networkd.service`.
A Requires is not strictly necessary, as networkd still ships the
non-socket activation code. Should this code be removed one day, the
Wants should be bumped to Requires accordingly.
See also
5544ee85163733eaa50f598fcf3bd9421d4a42f9.
Fixes: #16809
(cherry picked from commit
2c0dffe82db574b6b9e850e48f444674e4e1d7ea)
Gbp-Pq: Name networkd-use-socket-activation-when-starting-networkd.patch
projects / systemd.git / log