Am 20.03.20 um 00:23 schrieb Aurelien Jarno:
> It happens that upstream systemd doesn't support yet riscv64. I came
> with a very simple patch to fix that issue:
>
> --- systemd-245.2.orig/src/test/test-seccomp.c
> +++ systemd-245.2/src/test/test-seccomp.c
> @@ -72,6 +72,7 @@ static void test_architecture_table(void
> "ppc\0"
> "ppc64\0"
> "ppc64-le\0"
> + "riscv64\0"
> "s390\0"
> "s390x\0") {
> uint32_t c;
>
> With this patch, test-seccomp pass successfully and the build succeed.
> I have also tested that after installing the resulting seccomp package
> the systemd boots and works fine with kernel 5.4 (i.e. without seccomp
> support) and kernel 5.5 (i.e. with seccomp support).
It looks like src/shared/seccomp-util.c would need an update too.
Have you tested, that seccomp is working on riscv64 with 5.5?
Something like this should lead to a blocked ping:
[Unit]
Description=test seccomp filter
[Service]
ExecStart=ping -c 1 www.debian.org
RestrictAddressFamilies=AF_UNIX
● test.service - test seccomp filter
Loaded: loaded (/etc/systemd/system/test.service; static; vendor
preset: enabled)
Active: failed (Result: exit-code) since Fri 2020-03-20 01:31:16
CET; 3s ago
Process: 350981 ExecStart=/bin/ping -c 1 www.debian.org
(code=exited, status=2)
Main PID: 350981 (code=exited, status=2)
Mär 20 01:31:16 pluto systemd[1]: Started test seccomp filter.
Mär 20 01:31:16 pluto ping[350981]: /bin/ping: socket: Die Adressfamilie
wird von der Protokollfamilie nicht unterstützt
Mär 20 01:31:16 pluto systemd[1]: test.service: Main process exited,
code=exited, status=2/INVALIDARGUMENT
Mär 20 01:31:16 pluto systemd[1]: test.service: Failed with result
'exit-code'.
Regards,
Michael
signature.asc
Description: OpenPGP digital signature
