[systemd-devel] Antw: systemd prerelease 243-rc1
Ulrich Windl
Ulrich.Windl at rz.uni-regensburg.de
Wed Jul 31 06:17:29 UTC 2019
>>> systemd tag bot <donotreply-systemd-tag at refi64.com> wrote on 30.07.2019 at 19:09 in message <20190730170916.1.C7B12DB1B9D296AB at refi64.com>:
> A new systemd ☠️ pre-release ☠️ has just been tagged. Please download the
> tarball here:
>
> https://github.com/systemd/systemd/archive/v243-rc1.tar.gz
>
> NOTE: This is ☠️ pre-release☠️ software. Do not run this on production
> systems, but please test this and report any issues you find to GitHub:
>
> https://github.com/systemd/systemd/issues/new?template=Bug_report.md
>
> Changes since the previous release:
>
[...]
> * Previously, filters defined with SystemCallFilter= would have the
> effect that any calling of an offending system call would terminate
> the calling thread. This behaviour never made much sense, since
> killing individual threads of unsuspecting processes is likely to
> create more problems than it solves. With this release the default
> action changed from killing the thread to killing the whole
> process. For this to work correctly both a kernel version (>= 4.14)
I never used that feature, but I feel an error code like EPERM would be most
appropriate, because that's what it really is.
> and a libseccomp version (>= 2.4.0) supporting this new seccomp
> action is required. If an older kernel or libseccomp is used the old
> behaviour continues to be used. This change does not affect any
> services that have no system call filters defined, or that use
> SystemCallErrorNumber= (and thus see EPERM or another error instead
> of being killed when calling an offending system call). Note that
> systemd documentation always claimed that the whole process is
> killed. With this change behaviour is thus adjusted to match the
> documentation.
[...]
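
The two behaviours discussed in the quoted release note, side by side as unit files. This is an added example, not part of the original message or of the systemd sources; the unit names and the ExecStart= paths are hypothetical.

```ini
# /etc/systemd/system/example-kill.service  (hypothetical unit)
# No SystemCallErrorNumber= is set, so the filter's default action applies.
[Unit]
Description=Example: offending system call kills the service

[Service]
ExecStart=/usr/local/bin/example-daemon
# Deny-list: every system call in the @mount group is filtered.
SystemCallFilter=~@mount
# With v243, kernel >= 4.14 and libseccomp >= 2.4.0: a filtered call
# kills the whole process (seccomp delivers SIGSYS).
# With an older kernel or libseccomp: only the calling thread is
# killed, as before.

# /etc/systemd/system/example-eperm.service  (hypothetical unit)
# Same filter, but the service sees an error instead of being killed.
[Unit]
Description=Example: offending system call returns EPERM

[Service]
ExecStart=/usr/local/bin/example-daemon
SystemCallFilter=~@mount
# A filtered call now fails with EPERM and the process keeps running.
# Units configured this way are not affected by the v243 change.
SystemCallErrorNumber=EPERM
```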