From: Lennart Poettering Date: Sun, 7 Jul 2019 15:28:57 +0000 (+0200) Subject: units: add SystemCallErrorNumber=EPERM to systemd-portabled.service X-Git-Tag: v243-rc1~186 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ba2fb17d8b5c8fc66b41a2d04c03dd9ccb5f6de3;p=thirdparty%2Fsystemd.git units: add SystemCallErrorNumber=EPERM to systemd-portabled.service We use that on all other services, and hence should here too. Otherwise the service will be killed with SIGSYS when doing something not whitelisted, which is a bit crass. --- diff --git a/units/systemd-portabled.service.in b/units/systemd-portabled.service.in index a8eab94d02e..c88d3597b7a 100644 --- a/units/systemd-portabled.service.in +++ b/units/systemd-portabled.service.in @@ -22,6 +22,7 @@ ProtectHostname=yes RestrictRealtime=yes RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6 SystemCallFilter=@system-service @mount +SystemCallErrorNumber=EPERM SystemCallArchitectures=native LockPersonality=yes IPAddressDeny=any
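Review bot: On the added SystemCallErrorNumber=EPERM line, placed directly after SystemCallFilter=@system-service @mount, the failure mode for a call outside the filter changes from a visible SIGSYS kill (as the commit message describes) to an EPERM return that the daemon has to handle itself. The loud signal that made a gap in the allow list obvious is gone, so it would help if the commit message said how such a gap is expected to be noticed afterwards, for example that portabled logs the failing operation with its errno so that a filter miss can be told apart from an ordinary permission failure. The consistency argument ("we use that on all other services") cannot be checked from this hunk alone; naming one or two of those units in the message would make it verifiable for a reader of the log.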