core: prefer SCMP_ACT_KILL_PROCESS for SystemCallFilter= behaviour

If we have it, use it. It makes a ton more sense.

Fixes: #11967

diff --git a/src/core/execute.c b/src/core/execute.c
index 9975de1ff59a495fc995135b71d7839fa80856a0..e90c3ac4f38942fb9051e1c5a5a1c0ad205b41bd 100644 (file)
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -1439,7 +1439,7 @@ static int apply_syscall_filter(const Unit* u, const ExecContext *c, bool needs_
         if (skip_seccomp_unavailable(u, "SystemCallFilter="))
                 return 0;
 
-        negative_action = c->syscall_errno == 0 ? SCMP_ACT_KILL : SCMP_ACT_ERRNO(c->syscall_errno);
+        negative_action = c->syscall_errno == 0 ? scmp_act_kill_process() : SCMP_ACT_ERRNO(c->syscall_errno);
 
         if (c->syscall_whitelist) {
                 default_action = negative_action;