nspawn: ignore --suppress-sync=yes when seccomp is disabled

author Yu Watanabe <watanabe.yu+github@gmail.com>

Fri, 22 Oct 2021 13:32:45 +0000 (22:32 +0900)

committer Lennart Poettering <lennart@poettering.net>

Fri, 22 Oct 2021 21:43:20 +0000 (23:43 +0200)
author Yu Watanabe <watanabe.yu+github@gmail.com>
Fri, 22 Oct 2021 13:32:45 +0000 (22:32 +0900)
committer Lennart Poettering <lennart@poettering.net>
Fri, 22 Oct 2021 21:43:20 +0000 (23:43 +0200)
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c

index d133ca7be39842408ef06acf8a96116c868bb8e0..2804686f79a3e0f40b4e1e1ee19253dfb4a04884 100644 (file)
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -3405,9 +3405,13 @@ static int inner_child(
          }
  
          if (arg_suppress_sync) {
+#if HAVE_SECCOMP
                  r = seccomp_suppress_sync();
                  if (r < 0)
                          log_debug_errno(r, "Failed to install sync() suppression seccomp filter, ignoring: %m");
+#else
+                log_debug("systemd is built without SECCOMP support. Ignoring --suppress-sync= command line option and SuppressSync= setting.")
+#endif
          }
  
  #if HAVE_SELINUX
author	Yu Watanabe <watanabe.yu+github@gmail.com>
	Fri, 22 Oct 2021 13:32:45 +0000 (22:32 +0900)
committer	Lennart Poettering <lennart@poettering.net>
	Fri, 22 Oct 2021 21:43:20 +0000 (23:43 +0200)