From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Fri, 22 Oct 2021 13:32:45 +0000 (+0900)
Subject: nspawn: ignore --suppress-sync=yes when seccomp is disabled
X-Git-Tag: v250-rc1~442
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=20e458ae3c3b386e2b720bbd3c37d95781e69ae7;p=thirdparty%2Fsystemd.git

nspawn: ignore --suppress-sync=yes when seccomp is disabled

Follow-up for 4a4654e0241fbeabecb8587fd3520b6b39264b9c.

Fixes #21090.
---

diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index d133ca7be39..2804686f79a 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -3405,9 +3405,13 @@ static int inner_child(
         }
 
         if (arg_suppress_sync) {
+#if HAVE_SECCOMP
                 r = seccomp_suppress_sync();
                 if (r < 0)
                         log_debug_errno(r, "Failed to install sync() suppression seccomp filter, ignoring: %m");
+#else
+                log_debug("systemd is built without SECCOMP support. Ignoring --suppress-sync= command line option and SuppressSync= setting.")
+#endif
         }
 
 #if HAVE_SELINUX