On Sat, 31 Dec 2016 09:29:18 +0100 Michael Biebl <bi...@debian.org> wrote:
Hi, Michael! Thanks for cooperating! > > After upgrading an i686 machine running mpd from Jessie to Stretch, > > I noticed mpd won't start -- exiting with return code 1 early at > > startup: [...] > > Finally this spotted the problem which is the > > > > RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX AF_NETLINK > > [...] > > option. With it being commented out, mpd starts OK. > > So it appears you'd better comment that option as well for now of > > ship a dedicated unit files specifically for i686 systems if this is > > possible. > > > > OTOH, upstream appears to have some developments on [1], so maybe > > asking systemd maintainers on whether it's possible to integrate > > some upstream fix for this seccomp issue is worthwhile. > > Your analysis seems to be correct. Until systemd is fixed, you should > not use RestrictAddressFamilies= > > I'm not sure whether we will get v233 for stretch and if backporting > those upstream fixes for v232 is feasible. Would it be possible then to temporarily patch systemd as will be shipped in Stretch to just fail loading the unit with a descriptive error message if it contains the RestrictAddressFamilies directive *and* systemd is running on a 32-bit architecture (I think we have i686 and x32 by now)? I mean, it's easy to patch mpd package to exclude this directive, but people routinely use the init subsystem to host their own stuff. I think we can clearly state that this particular feature of systemd is currently broken on 32-bit; while that's not a big deal in itself (this feature is not critical for the functioning of system) using it can mysteriously and silently break your setup. (Please note that I'm a professional software developer who understands what syscalls are, knows about seccomp, is able to use certain debugging tools etc; we can't expect this level of expertise from a conventional system administrator or hobbyist.) Failing to execute (or otherwise load for procesing) a unit which will exhibit this bug for sure would make the problem apparent right away for whoever wrote (or installed from a source outside of Debian) such a unit. _______________________________________________ Pkg-systemd-maintainers mailing list Pkg-systemd-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers