Debugging Systemd Seccomp

From Kicksecure

This is architecture dependent: what works on Intel / AMD64 might not work on arm64, etc.

To watch for systemd seccomp issues:

sudo journalctl _AUDIT_TYPE_NAME=SECCOMP -f

Sample issue (bold added):

SECCOMP auid=4294967295 uid=108 gid=118 ses=4294967295 subj==/usr/bin/sdwdate (enforce) pid=9740 comm="sdwdate" exe="/usr/bin/python3.7" sig=31 arch=c0000015 syscall=140 compat=0 ip=0x7fff96cc7df4 code=0x0

The relevant part of the above log output is syscall=140.

Found a table to translate the syscall number:




Maybe a better table:

Note: Replace sdwdate with the systemd unit name to debug.

sudoedit /lib/systemd/system/sdwdate.service && sudo systemctl daemon-reload && sudo systemctl restart sdwdate && sudo systemctl --no-pager status sdwdate

SystemCallFilter= needs to be adjusted.
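The steps above, as an added example that is not part of the Kicksecure wiki: it parses SECCOMP audit records, decodes the arch= field to show which architecture's syscall table the number belongs to, and counts denials per executable. The function names and all sample lines except the first are constructed for illustration; the flag bits are the ones defined in the kernel's audit header.

```python
import re
import sys
from collections import Counter

# Flag bits from the kernel's <linux/audit.h>; the low 16 bits of arch= are
# the ELF e_machine number of the ABI the syscall was made through.
AUDIT_ARCH_64BIT = 0x80000000
AUDIT_ARCH_LE = 0x40000000
# Subset of ELF e_machine numbers; extend as needed.
ELF_MACHINE = {3: "i386", 8: "mips", 20: "ppc", 21: "ppc64", 22: "s390",
               40: "arm", 62: "x86_64", 183: "aarch64", 243: "riscv"}
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

# First line is the record quoted on this page; the others are constructed.
SAMPLE = [
    'SECCOMP auid=4294967295 uid=108 gid=118 ses=4294967295 subj==/usr/bin/sdwdate (enforce) pid=9740 comm="sdwdate" exe="/usr/bin/python3.7" sig=31 arch=c0000015 syscall=140 compat=0 ip=0x7fff96cc7df4 code=0x0',
    'SECCOMP auid=4294967295 uid=108 gid=118 ses=4294967295 pid=9801 comm="sdwdate" exe="/usr/bin/python3.7" sig=31 arch=c0000015 syscall=140 compat=0 ip=0x7fff96cc7df4 code=0x0',
    'SECCOMP auid=1000 uid=1000 gid=1000 ses=2 pid=4242 comm="example" exe="/usr/bin/example" sig=31 arch=c000003e syscall=140 compat=0 ip=0x7f0000001000 code=0x0',
    'systemd[1]: Started example.service (constructed, not a SECCOMP record)',
]

def parse_seccomp(line):
    """Return the key=value fields of one SECCOMP record, or None."""
    if "SECCOMP" not in line:
        return None
    fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
    return fields if {"arch", "syscall"} <= fields.keys() else None

def decode_arch(arch_hex):
    """Turn the hex arch= value into machine name, word size and endianness."""
    value = int(arch_hex, 16)
    machine = ELF_MACHINE.get(value & 0xFFFF, "e_machine=%d" % (value & 0xFFFF))
    bits = 64 if value & AUDIT_ARCH_64BIT else 32
    endian = "little-endian" if value & AUDIT_ARCH_LE else "big-endian"
    return "%s (%d-bit, %s)" % (machine, bits, endian)

def summarize(lines):
    """Count denials per (exe, decoded arch, syscall number)."""
    counts = Counter()
    for line in lines:
        rec = parse_seccomp(line)
        if rec:
            key = (rec.get("exe", "?"), decode_arch(rec["arch"]), int(rec["syscall"]))
            counts[key] += 1
    return counts

if __name__ == "__main__":
    # Pipe `journalctl _AUDIT_TYPE_NAME=SECCOMP` in, or run bare for the sample.
    lines = SAMPLE if sys.stdin.isatty() else sys.stdin
    for (exe, arch, nr), n in summarize(lines).most_common():
        print("%3dx syscall=%d arch=%s exe=%s" % (n, nr, arch, exe))
```

The same syscall number is reported separately per architecture because each architecture has its own syscall table. Look the number up in the table for the decoded architecture, for instance with libseccomp's scmp_sys_resolver -a ARCH NUMBER, before changing SystemCallFilter=.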
