On 20.6.2019 12.25, Michael Biebl wrote:
Hi

On 20.06.19 at 09:57, Trent W. Buck wrote:
Package: systemd
Version: 241-5
Severity: minor
File: /usr/bin/systemd-analyze

Below are two units which both block @debug syscalls (confirmed by strace crashing).
systemd-analyze incorrectly claims @debug is allowed in one of them.

It seems a "blacklist-only" SystemCallFilter= results in a blacklist in systemctl show, and systemd-analyze can't understand that?
A "whitelist, then blacklist" SystemCallFilter= results in a whitelist in systemctl show, which systemd-analyze understands.


Could you raise this upstream at
https://github.com/systemd/systemd/issues and report back with the bug
number?

I think this was fixed with 95832a0, which is included in v242.

-Topi
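
An added illustration, not part of the thread and not systemd's code: a small Python model of how successive SystemCallFilter= assignments merge into either an allow-list or a deny-list, following the rules in systemd.exec(5), and of how a checker that ignores which kind of list it was handed reproduces the symptom reported above. The two directive lists are constructed samples (the units from the report are not shown in the thread), the function names are hypothetical, and group names such as @debug are treated as opaque tokens rather than expanded to individual syscalls.

```python
def effective_filter(directives):
    """Merge SystemCallFilter= values in order of appearance.

    Returns (mode, names): mode is "allow", "deny" or None (no filter).
    The first non-empty assignment fixes the mode; later assignments of the
    same polarity add entries, those of the opposite polarity remove them.
    """
    mode, names = None, set()
    for value in directives:
        value = value.strip()
        if not value:                      # empty assignment resets the filter
            mode, names = None, set()
            continue
        inverted = value.startswith("~")   # "~" marks a deny-list assignment
        items = set(value.lstrip("~").split())
        if mode is None:
            mode, names = ("deny" if inverted else "allow"), items
        elif (mode == "deny") == inverted:
            names |= items
        else:
            names -= items
    return mode, names


def is_blocked(directives, name):
    """Correct reading: the meaning of the set depends on the mode."""
    mode, names = effective_filter(directives)
    if mode is None:
        return False
    return name in names if mode == "deny" else name not in names


def naive_is_blocked(directives, name):
    """Hypothetical buggy reading: always treats the set as an allow-list."""
    _, names = effective_filter(directives)
    return name not in names


# Constructed samples matching the two cases described in the report.
DENY_ONLY = ["~@debug"]
ALLOW_THEN_DENY = ["@system-service", "~@debug"]

if __name__ == "__main__":
    for label, unit in (("deny-only", DENY_ONLY), ("allow-then-deny", ALLOW_THEN_DENY)):
        print(label, effective_filter(unit)[0],
              "blocked:", is_blocked(unit, "@debug"),
              "naive:", naive_is_blocked(unit, "@debug"))
```

Both sample units block @debug, but the naive reading reports it as allowed for the deny-only unit, which is the mismatch between strace and systemd-analyze described in the report.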
