Am 09.07.2018 um 02:22 schrieb Michael Biebl: > 2/ We remove the sandboxing features which trip up older systemd > versions. Specifically this is the commit which turns the seccomp > filters from a black into a whitelist. Specifically this would mean > removing > > SystemCallFilter=@system-service @module @raw-io > SystemCallErrorNumber=EPERM > > from systemd-udevd.service. With that change, the service file should > work with systemd v232 from stretch. That patch would be dropped in > buster+1.
> [1] > https://github.com/systemd/systemd/commit/ee8f26180d01e3ddd4e5f20b03b81e5e737657ae Given the comments in [1], removing the seccomp filter whitelist for udev might be a good idea anyway, as this has the potential for breaking (3rd party) udev rules. Atm I'm leaning towards removing those 2 lines (and re-adding them for buster+1) and dropping the versioned Breaks again we added for #902185, which seemingly wasn't sufficient on its own. Michael -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
signature.asc
Description: OpenPGP digital signature