>>> systemd tag bot <donotreply-systemd-tag@xxxxxxxxxx> wrote on 30.07.2019 at 19:09 in message <20190730170916.1.C7B12DB1B9D296AB@xxxxxxxxxx>:
> A new systemd ☠️ pre-release ☠️ has just been tagged. Please download the
> tarball here:
>
> https://github.com/systemd/systemd/archive/v243-rc1.tar.gz
>
> NOTE: This is ☠️ pre-release☠️ software. Do not run this on production
> systems, but please test this and report any issues you find to GitHub:
>
> https://github.com/systemd/systemd/issues/new?template=Bug_report.md
>
> Changes since the previous release:
> [...]
> * Previously, filters defined with SystemCallFilter= would have the
>   effect that any calling of an offending system call would terminate
>   the calling thread. This behaviour never made much sense, since
>   killing individual threads of unsuspecting processes is likely to
>   create more problems than it solves. With this release the default
>   action changed from killing the thread to killing the whole
>   process. For this to work correctly both a kernel version (>= 4.14)

I never used that feature, but I feel an error code like EPERM would be most appropriate, because that's what it really is.

>   and a libseccomp version (>= 2.4.0) supporting this new seccomp
>   action is required. If an older kernel or libseccomp is used the old
>   behaviour continues to be used. This change does not affect any
>   services that have no system call filters defined, or that use
>   SystemCallErrorNumber= (and thus see EPERM or another error instead
>   of being killed when calling an offending system call). Note that
>   systemd documentation always claimed that the whole process is
>   killed. With this change behaviour is thus adjusted to match the
>   documentation.

[...]

_______________________________________________
systemd-devel mailing list
systemd-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/systemd-devel