Am 20.03.20 um 01:32 schrieb Michael Biebl: > Have you tested, that seccomp is working on riscv64 with 5.5? > Something like this should lead to a blocked ping:
Here is a better test:
# cat test.service
[Unit]
Description=test seccomp filter
[Service]
ExecStart=ping -c 1 www.debian.org
SystemCallFilter=~socket
# systemctl status test
● test.service - test seccomp filter
Loaded: loaded (/etc/systemd/system/test.service; static; vendor
preset: enabled)
Active: failed (Result: signal) since Fri 2020-03-20 01:33:52 CET;
3s ago
Process: 351106 ExecStart=/bin/ping -c 1 www.debian.org
(code=killed, signal=SYS)
Main PID: 351106 (code=killed, signal=SYS)
Mär 20 01:33:52 pluto systemd[1]: Started test seccomp filter.
Mär 20 01:33:52 pluto systemd[1]: test.service: Main process exited,
code=killed, status=31/SYS
Mär 20 01:33:52 pluto systemd[1]: test.service: Failed with result 'signal'.
signature.asc
Description: OpenPGP digital signature
