author | Lennart Poettering <lennart@poettering.net> | 2019-04-29 12:05:16 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2019-05-24 10:48:28 +0200 |
commit | 4cd8263166c2ddd0352e0818f18ac8c0dbdf4b0f (patch) | |
tree | 66dfe25f01efdf1884a7ef1e3ee29c025563e768 /NEWS | |
parent | f9a3d8e2f3063beb07d72a931c75794786280b3e (diff) | |
download | systemd-4cd8263166c2ddd0352e0818f18ac8c0dbdf4b0f.tar.gz |
NEWS: document the new SystemCallFilter= behaviour
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 16 |
1 files changed, 16 insertions, 0 deletions
@@ -2,6 +2,22 @@ systemd System and Service Manager CHANGES WITH 243 in spe: + * Previously, filters defined with SystemCallFilter= would have the + effect that an calling an offending system call would terminate the + calling thread. This behaviour never made much sense, since killing + individual threads of unexpecting processes is likely to create more + problems than it solves. With this release the default action changed + from killing the thread to killing the whole process. For this to + work correctly both a kernel version (>= 4.14) and a libseccomp + version (>= 2.4.0) supporting this new seccomp action is required. If + an older kernel or libseccomp is used the old behaviour continues to + be used. This change does not affect any services that have no system + call filters defined, or that use SystemCallErrorNumber= (and thus + see EPERM or another error instead of being killed when calling an + offending system call). Note that systemd documentation always + claimed that the whole process is killed. With this change behaviour + is thus adjusted to match the documentation. + * The "kernel.pid_max" sysctl is now bumped to 4194304 by default, i.e. the full 22bit range the kernel allows, up from the old 16bit range. This should improve security and robustness a bit, as PID |
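Review bot: The second added line has a stray article in "effect that an calling an offending system call"; it should read "effect that calling an offending system call". In the requirements sentence, "both a kernel version (>= 4.14) and a libseccomp version (>= 2.4.0) supporting this new seccomp action is required" has a plural subject and should end "are required". The same sentence refers to "this new seccomp action" without ever naming it; naming the action would let administrators verify whether their kernel and libseccomp provide it. Since the entry says the old thread-killing behaviour silently "continues to be used" on older kernels or libseccomp, it would also help to say how an operator can tell which behaviour is in effect on a given host.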