From: Luca Boccassi <luca.boccassi@gmail.com>
Date: Wed, 6 Aug 2025 11:41:01 +0000 (+0100)
Subject: seccomp: fix build with glibc < 2.39
X-Git-Tag: v258-rc3~74^2~5
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3ec74b96b7e82877c03a7d0fb4c81a296b923013;p=thirdparty%2Fsystemd.git

seccomp: fix build with glibc < 2.39

../src/shared/seccomp-util.c: In function ‘seccomp_restrict_sxid’:
../src/shared/seccomp-util.c:2228:25: error: ‘__NR_fchmodat2’ undeclared (first use in this function); did you mean ‘fchmodat2’?
 2228 |                         __NR_fchmodat2,
      |                         ^~~~~~~~~~~~~~
      |                         fchmodat2

The override/sys/syscalls.h needs to be included before the seccomp
headers, otherwise the internal seccomp preprocessor machinery will
not see the local definitions, so the local ifdef will be true but
the seccomp own definitions will be empty
---

diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
index 53d18dada5f..f5bd64f8d3f 100644
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -1,5 +1,9 @@
 /* SPDX-License-Identifier: LGPL-2.1-or-later */
 
+/* This needs to be included before the seccomp headers, otherwise missing syscalls will be defined in this
+ * file and pass the ifdef, but they won't be defined in the seccomp headers so things like
+ * SCMP_SYS(fchmodat2) will resolve as empty and fail the build with older glibc/libseccomp. */
+#include <sys/syscall.h>
 #include <fcntl.h>
 #include <linux/seccomp.h>
 #include <sched.h>