Your message dated Fri, 19 Mar 2021 23:02:10 +0000
with message-id <[email protected]>
and subject line Bug#984573: fixed in systemd 241-7~deb10u7
has caused the Debian Bug report #984573,
regarding systemd: backport support for SYSTEMD_SECCOMP to Buster
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
984573: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984573
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: systemd
Version: 241-7~deb10u6
Tags: buster
Dear Maintainer(s),
Since glibc 2.33 faccessat() is implemented via faccessat2(), which
is breaking running containers that use such version of glibc under
systemd-nspawn in Buster.
This is because faccessat2 is not in the "known" seccomp set of
syscalls (
https://github.com/systemd/systemd/commit/bcf08acbffdee0d6360d3c31d268e73d0623e5dc
). Also, without https://github.com/systemd/systemd/pull/16819/commits
seccomp would still return EPERM instead of ENOSYS for faccessat2(), thus
breaking the internal fallback to the original faccessat() implementation.
It would be great thus if the following could be backported to Buster
in the next proposed-updates upload:
https://github.com/systemd/systemd/commit/ce8f6d478e3f6c6a313fb19615aa5029bb18f86d
This would allow to run such new containers via nspawn on Buster.
Thank you!
--
Kind regards,
Luca Boccassi
signature.asc
Description: This is a digitally signed message part
--- End Message ---
--- Begin Message ---
Source: systemd
Source-Version: 241-7~deb10u7
Done: Michael Biebl <[email protected]>
We believe that the bug you reported is fixed in the latest version of
systemd, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Biebl <[email protected]> (supplier of updated systemd package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 18 Mar 2021 20:59:14 +0100
Source: systemd
Architecture: source
Version: 241-7~deb10u7
Distribution: buster
Urgency: medium
Maintainer: Debian systemd Maintainers
<[email protected]>
Changed-By: Michael Biebl <[email protected]>
Closes: 984495 984573
Changes:
systemd (241-7~deb10u7) buster; urgency=medium
.
* core: make sure to restore the control command id, too.
Fixes a segfault in systemd that can be triggered when both
daemon-reload and a service restart happen concurrently. (Closes: #984495)
* seccomp: allow turning off of seccomp filtering via env var.
Since glibc 2.33 faccessat() is implemented via faccessat2(), which
is breaking running containers that use such a version of glibc under
systemd-nspawn in Buster.
Turning off seccomp filtering via the SYSTEMD_SECCOMP env var makes it
possible to run such new containers. (Closes: #984573)
Checksums-Sha1:
a974dececf4fe55ac6c0598bba20812a89849936 4946 systemd_241-7~deb10u7.dsc
c9ce7a372253f2c861c76b43b156ac78d6fd3547 181896
systemd_241-7~deb10u7.debian.tar.xz
9e721e7794c8f014ce31bde785ad21251a266ae6 9288
systemd_241-7~deb10u7_source.buildinfo
Checksums-Sha256:
1abfa0f64d2ff59ab43b67dca133c8852cfdfd018ceaf5b661b6a2e4eda9954c 4946
systemd_241-7~deb10u7.dsc
b46079f75db2a5e496a2e6e14893e11477a58b8634e0fccbb3f09f9191907806 181896
systemd_241-7~deb10u7.debian.tar.xz
6b01478fb975b733ba4eec27ba7aa0840c9fe504fbf01ac399c1d2781b9cf38f 9288
systemd_241-7~deb10u7_source.buildinfo
Files:
d809118aa053515c839f1ed6ff30e0ad 4946 admin optional systemd_241-7~deb10u7.dsc
78a9d5a3302bc5bb7bc91811c86ca90b 181896 admin optional
systemd_241-7~deb10u7.debian.tar.xz
6cf7a9141f6929c0a9a5d073cab20dbc 9288 admin optional
systemd_241-7~deb10u7_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEECbOsLssWnJBDRcxUauHfDWCPItwFAmBVANEACgkQauHfDWCP
ItwSiA/+LAmfkLet3NCfgDzY8rXDR1nYXGamfzLfAXvFOQhOErTTus4UAzMi5ncz
z1Ms+iib9LxhNNfduSozGmNWmrL28Psvu8bD0c/xOhS9CuHB4QsMykNWDwTp9Eqm
MePzFMa5mQnIxoNRe3jn4uCp2bwz0XdMnHoSspOKDmdSZSf42Nz5t80Mp30WMb/R
ZvAD5po4XzUJShxIdoAl7INAZGTrtycImwZsflEwcfm8R96WBRSzdePIxlcbO/UY
v4k+4V5dMnrvHkIszoRk4U5ScjSGW2XhhaILrbJuq6QQZx8eqRHXa6MmL+GiZOIK
gn4DrM1EOfpmG1ibXtZnMx3AqNPSIdr4eZA81nOxDvwZNkR+sb2Tj2nVkVKOHhUY
bXVEn6Gz2m6+zjuRqb7bZw9jPPhUwbJN47lb5p9w4FnjeYvlS5T1I0yObbzhrLMr
R7FOJLWODO3rnw+oEuWGj+j+rfZcf4cPLhnC9HWdiyEg2e+tDmYR7P5Z99l6p2je
dK0yJdoMIT6udgY5TBuE6mmN1d/y/ToDWDxypkUdlbCsAjzZ4gldpW2QS5RWfPA8
5qNx1ljPbpkO3yjcm4wnV1hPnaKTtqHQNZedFrIv90Y6hNGdCKjoeFj9hnJKQ61w
qKwthRN88ksiCSYubNk/gBCplNJwTTlAJQX4uaklfeakzgaj6xI=
=S3CT
-----END PGP SIGNATURE-----
--- End Message ---
