Am 20.03.20 um 01:32 schrieb Michael Biebl: > Have you tested, that seccomp is working on riscv64 with 5.5? > Something like this should lead to a blocked ping:
Here is a better test: # cat test.service [Unit] Description=test seccomp filter [Service] ExecStart=ping -c 1 www.debian.org SystemCallFilter=~socket # systemctl status test ● test.service - test seccomp filter Loaded: loaded (/etc/systemd/system/test.service; static; vendor preset: enabled) Active: failed (Result: signal) since Fri 2020-03-20 01:33:52 CET; 3s ago Process: 351106 ExecStart=/bin/ping -c 1 www.debian.org (code=killed, signal=SYS) Main PID: 351106 (code=killed, signal=SYS) Mär 20 01:33:52 pluto systemd[1]: Started test seccomp filter. Mär 20 01:33:52 pluto systemd[1]: test.service: Main process exited, code=killed, status=31/SYS Mär 20 01:33:52 pluto systemd[1]: test.service: Failed with result 'signal'.
signature.asc
Description: OpenPGP digital signature