Commit
add missing syscalls for workers (#2212)
# Description

Since the binary split additional syscalls are getting blocked in relation to the workers. With the hardened systemd file it shows the following warning:

```
Cannot fully enable landlock, a Linux kernel security feature. Running validation of malicious PVF code has a higher risk of compromising this machine. Consider upgrading the kernel version for maximum security. status=Ok(NotEnforced) abi=1
```

For it to work we need to allow additionally:

- mount
- umount2
- pivot_root

and set `RestrictNamespaces=false`

Added new line `SystemCallFilter=pivot_root` because otherwise it would get blocked by `~@privileged`

Co-authored-by: s0me0ne-unkn0wn <[email protected]>
Co-authored-by: Bastian Köcher <[email protected]>