[PATCH 1/2] paccache.service.in: Add @system-service to SystemCallFilter

Frederik “Freso” S. Olesen freso.dk at gmail.com
Tue Nov 30 12:38:22 UTC 2021


The SystemCallFilter group @system-service includes some calls
that are necessary for the service unit to run, that are not
included in @file-system.

Signed-off-by: Frederik “Freso” S. Olesen <freso.dk at gmail.com>
---
 src/paccache.service.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/paccache.service.in b/src/paccache.service.in
index 0a280b3..a821daf 100644
--- a/src/paccache.service.in
+++ b/src/paccache.service.in
@@ -36,5 +36,5 @@ RestrictRealtime=yes
 RestrictSUIDSGID=yes
 RemoveIPC=yes
 PrivateMounts=yes
-SystemCallFilter=@file-system
+SystemCallFilter=@system-service @file-system
 SystemCallArchitectures=native
-- 
2.34.1

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/pacman-contrib/attachments/20211130/c7fe6e97/attachment.sig>


More information about the pacman-contrib mailing list