On Sat, 3 Oct 2015 18:55:47 +0300, Andrei Borzenkov <arvidjaar@gmail.com> wrote:
raven:~ # cat /proc/self/status | grep -i seccomp
Seccomp: 2
raven:~ #
Yes, you have seccomp enabled in mode 2. Unfortunately, I do not know if it is possible to fetch the actual seccomp filter in use.
Please read man systemd-system.conf. Check every file and directory mentioned in this page - does it have SystemCallArchitectures set and to which value. If there is none - something enables seccomp and you will find out what. Start with booting with init=/bin/sh. What value Seccomp has now? Boot into run level 1 - what value Seccomp has now?
Under /etc/systemd/ I found two files containing SystemCallArchitectures

/etc/systemd/system.conf:
SystemCallArchitectures=x86-64
other entries commented out

/etc/systemd/user.conf:
all entries commented out

I found:
SystemCallArchitectures=
Takes a space-separated list of architecture identifiers. Selects from which architectures system calls may be invoked on this system.

So I guess "x86-64" is not correct in case 32bit code should be executable, too. It should be "x86 x86-64". Right?

init=/bin/sh
Seccomp: 2

init 1 to 5
Seccomp: 2

I think I got the intention of SECure COMputing. (I'm not a programmer, only a user) But I can't see what is able to set the Seccomp mode, except it depends on the SystemCallArchitectures option. And if so, what has changed the option and why? On the other hand, is it secure to change the SystemCallArchitectures option simply to "x86 x86-64"?

--
Kind Regards
Peter Ragosch
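
The two checks discussed in this thread, as an added example that is not part of the original messages: decoding the Seccomp field of a /proc/<pid>/status file and listing every active SystemCallArchitectures= assignment in the files named by systemd-system.conf(5). The function names and the constructed demo tree are assumptions for illustration; the mode names follow proc(5).

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Decode the Seccomp field of a /proc/<pid>/status-style file.
# Per proc(5): 0 = disabled, 1 = strict, 2 = filter.
seccomp_mode() {
    mode=$(awk '$1 == "Seccomp:" { print $2; exit }' "$1")
    case "$mode" in
        0) echo "disabled" ;;
        1) echo "strict" ;;
        2) echo "filter" ;;
        "") echo "no-seccomp-field" ;;   # kernel built without seccomp
        *) echo "unknown($mode)" ;;
    esac
}

# Print "path: value" for each uncommented SystemCallArchitectures= line
# in the manager configuration files listed in systemd-system.conf(5).
# $1 is a root prefix: "" on a live system, a test tree otherwise.
syscall_arch_settings() {
    root=$1
    for f in "$root"/etc/systemd/system.conf "$root"/etc/systemd/user.conf \
             "$root"/etc/systemd/system.conf.d/*.conf \
             "$root"/run/systemd/system.conf.d/*.conf \
             "$root"/usr/lib/systemd/system.conf.d/*.conf; do
        [ -f "$f" ] || continue          # unmatched globs stay literal
        # systemd treats lines starting with '#' or ';' as comments.
        awk -v p="${f#"$root"}" -F= '
            /^[ \t]*[#;]/ { next }
            $1 ~ /^[ \t]*SystemCallArchitectures[ \t]*$/ {
                v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); print p ": " v
            }' "$f"
    done
}

# Demo on a constructed tree mirroring the findings reported above.
demo=$(mktemp -d)
mkdir -p "$demo/etc/systemd"
printf 'Name:\tcat\nSeccomp:\t2\n' > "$demo/status"
printf '[Manager]\n#LogLevel=info\nSystemCallArchitectures=x86-64\n' \
    > "$demo/etc/systemd/system.conf"
printf '[Manager]\n#SystemCallArchitectures=\n' > "$demo/etc/systemd/user.conf"
echo "seccomp mode: $(seccomp_mode "$demo/status")"
syscall_arch_settings "$demo"
rm -rf "$demo"
```

On a live system, call `seccomp_mode /proc/self/status` and `syscall_arch_settings ""`.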