On 28 July 2016 at 17:04, Michael Biebl <bi...@debian.org> wrote: > Am 28.07.2016 um 22:50 schrieb Rick Thomas: >> In the interest of having a working system, I reverted that machine to >> systemd version 230-7. Unsurprisingly, the problem went away. >> >> I’ll try re-installing 231-1 and commenting that line. I’ll probably have a >> chance tonight. I’ll report when I have something. >> >> It may be worth noticing that other things failed as well when 231-1 was in. >> I’m attaching a ‘grep -i fail -C20’ of the screen log. Of particular note >> are “Failed to start Raise network interfaces” and “Failed to start Login >> Service.” >> >> Are there other places where I should remove a “SystemCallFilter” ? >> > > Various units were locked down like e.g. in > https://github.com/systemd/systemd/commit/4e069746fe0de1f60bd1b75c113b0f40ffe86736 > > If the SystemCallFilter= is what causes journald to fail, it's likely it > also affects those other services.
Turns out seccomp is disabled in the arm* kernels: % grep SECCOMP boot/config-4.6.0-1-marvell CONFIG_HAVE_ARCH_SECCOMP_FILTER=y # CONFIG_SECCOMP is not set % grep SECCOMP boot/config-4.6.0-1-armmp CONFIG_HAVE_ARCH_SECCOMP_FILTER=y # CONFIG_SECCOMP is not set So I think the kernel should enable SECCOMP. However, I think systemd should also simply (warn and) ignore seccomp calls if seccomp is not available in the current kernel. -- Saludos, Felipe Sateler
