Am 20.03.20 um 00:23 schrieb Aurelien Jarno: > It happens that upstream systemd doesn't support yet riscv64. I came > with a very simple patch to fix that issue: > > --- systemd-245.2.orig/src/test/test-seccomp.c > +++ systemd-245.2/src/test/test-seccomp.c > @@ -72,6 +72,7 @@ static void test_architecture_table(void > "ppc\0" > "ppc64\0" > "ppc64-le\0" > + "riscv64\0" > "s390\0" > "s390x\0") { > uint32_t c; > > With this patch, test-seccomp pass successfully and the build succeed. > I have also tested that after installing the resulting seccomp package > the systemd boots and works fine with kernel 5.4 (i.e. without seccomp > support) and kernel 5.5 (i.e. with seccomp support).
It looks like src/shared/seccomp-util.c would need an update too. Have you tested, that seccomp is working on riscv64 with 5.5? Something like this should lead to a blocked ping: [Unit] Description=test seccomp filter [Service] ExecStart=ping -c 1 www.debian.org RestrictAddressFamilies=AF_UNIX ● test.service - test seccomp filter Loaded: loaded (/etc/systemd/system/test.service; static; vendor preset: enabled) Active: failed (Result: exit-code) since Fri 2020-03-20 01:31:16 CET; 3s ago Process: 350981 ExecStart=/bin/ping -c 1 www.debian.org (code=exited, status=2) Main PID: 350981 (code=exited, status=2) Mär 20 01:31:16 pluto systemd[1]: Started test seccomp filter. Mär 20 01:31:16 pluto ping[350981]: /bin/ping: socket: Die Adressfamilie wird von der Protokollfamilie nicht unterstützt Mär 20 01:31:16 pluto systemd[1]: test.service: Main process exited, code=exited, status=2/INVALIDARGUMENT Mär 20 01:31:16 pluto systemd[1]: test.service: Failed with result 'exit-code'. Regards, Michael
signature.asc
Description: OpenPGP digital signature