Debugging Systemd Seccomp

Architecture dependent. What works on Intel / AMD64 might not work on arm64 etc.

To watch for systemd seccomp issues:

sudo journalctl _AUDIT_TYPE_NAME=SECCOMP -f

Sample issue (bold added):

SECCOMP auid=4294967295 uid=108 gid=118 ses=4294967295 subj==/usr/bin/sdwdate (enforce) pid=9740 comm="sdwdate" exe="/usr/bin/python3.7" sig=31 arch=c0000015 syscall=140 compat=0 ip=0x7fff96cc7df4 code=0x0

The relevant part in above log output snippet is syscall=140.

Found https://chromium.googlesource.com/chromiumos/docs/+/master/constants/syscalls.md for a table to translate

140

to

_llseek

Maybe a better table: https://marcin.juszkiewicz.com.pl/download/tables/syscalls.html

Note: Replace sdwdate with the systemd unit name to debug.

sudoedit /lib/systemd/system/sdwdate.service && sudo systemctl daemon-reload && sudo systemctl restart sdwdate && sudo systemctl --no-pager status sdwdate

SystemCallFilter= needs to be adjusted.

Unfinished: This wiki is a work in progress. Please do not report broken links until this notice is removed, use Search Engines First and contribute improving this wiki.

Kicksecure A secure by default operating system with the latest security research in place.

Dark mode

FREE · PLUS · PREMIUM Support

At Kicksecure we value freedom and trust, supporting Open Source and Freedom Software

By using this website, you acknowledge you have read, understood, and agree to be bound by these these agreements: Terms of Service, Privacy Policy, Cookie Policy, E-Sign Consent, DMCA, Imprint Kicksecure

ENCRYPTED SUPPORT LP, 2023

Your support makes
all the difference!

We believe security software like Kicksecure needs to remain open source and independent. Would you help sustain and grow the project? Learn more about our 10 year success story and maybe DONATE!

Debugging Systemd Seccomp

Navigation menu