[PATCH 1/2] paccache.service.in: Add @system-service to SystemCallFilter
Frederik “Freso” S. Olesen
freso.dk at gmail.com
Tue Nov 30 12:38:22 UTC 2021
The SystemCallFilter group @system-service includes some calls
that are necessary for the service unit to run, that are not
included in @file-system.
Signed-off-by: Frederik “Freso” S. Olesen <freso.dk at gmail.com>
---
src/paccache.service.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/paccache.service.in b/src/paccache.service.in
index 0a280b3..a821daf 100644
--- a/src/paccache.service.in
+++ b/src/paccache.service.in
@@ -36,5 +36,5 @@ RestrictRealtime=yes
RestrictSUIDSGID=yes
RemoveIPC=yes
PrivateMounts=yes
-SystemCallFilter=@file-system
+SystemCallFilter=@system-service @file-system
SystemCallArchitectures=native
--
2.34.1
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/pacman-contrib/attachments/20211130/c7fe6e97/attachment.sig>
More information about the pacman-contrib
mailing list