seccomp: fix build with glibc < 2.39

../src/shared/seccomp-util.c: In function ‘seccomp_restrict_sxid’:
../src/shared/seccomp-util.c:2228:25: error: ‘__NR_fchmodat2’ undeclared (first use in this function); did you mean ‘fchmodat2’?
 2228 |                         __NR_fchmodat2,
      |                         ^~~~~~~~~~~~~~
      |                         fchmodat2

The override/sys/syscalls.h needs to be included before the seccomp
headers, otherwise the internal seccomp preprocessor machinery will
not see the local definitions, so the local ifdef will be true but
the seccomp own definitions will be empty

diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
index 53d18dada5feb35731dbbfab9be7d98be948f1b8..f5bd64f8d3f557cf264226c9fe41ba0e79006f9a 100644 (file)
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -1,5 +1,9 @@
 /* SPDX-License-Identifier: LGPL-2.1-or-later */
 
+/* This needs to be included before the seccomp headers, otherwise missing syscalls will be defined in this
+ * file and pass the ifdef, but they won't be defined in the seccomp headers so things like
+ * SCMP_SYS(fchmodat2) will resolve as empty and fail the build with older glibc/libseccomp. */
+#include <sys/syscall.h>
 #include <fcntl.h>
 #include <linux/seccomp.h>
 #include <sched.h>