shared/seccomp: do not use ifdef guards around textual syscall names

It is possible that we will be running with an upgraded libseccomp, in which
case libseccomp might know the syscall name, even if the number is not known at
the time when systemd is being compiled. The guard only serves to break such
upgrades, by requiring that we also recompile systemd.

For s390-specific syscalls, use a define to exclude them, so that that we don't
try to filter them on other arches.

(cherry picked from commit 6cf852e79eb0eced2f77653941f9c75c3bd79386)

diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
index 45bf309bcf8c536306eb99b9e1bb9078e9e33bf3..99585924a0ebc9344b7bd67219352e765747dff7 100644 (file)
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -387,7 +387,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
                 "pidfd_getfd\0"
                 "ptrace\0"
                 "rtas\0"
-#ifdef __NR_s390_runtime_instr
+#if defined __s390__ || defined __s390x__
                 "s390_runtime_instr\0"
 #endif
                 "sys_debug_setcontext\0"
@@ -464,9 +464,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
                 "stat64\0"
                 "statfs\0"
                 "statfs64\0"
-#ifdef __NR_statx
                 "statx\0"
-#endif
                 "symlink\0"
                 "symlinkat\0"
                 "truncate\0"
@@ -712,10 +710,8 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
                 "pciconfig_iobase\0"
                 "pciconfig_read\0"
                 "pciconfig_write\0"
-#ifdef __NR_s390_pci_mmio_read
+#if defined __s390__ || defined __s390x__
                 "s390_pci_mmio_read\0"
-#endif
-#ifdef __NR_s390_pci_mmio_write
                 "s390_pci_mmio_write\0"
 #endif
         },