Remove redundant system-call-filter

Since SYSTEMD_SECCOMP=0 adding system-call-filter is redundant
2024-01-27 12:23:45 +01:00 · 2024-01-27 12:23:45 +01:00 · 53689df645
parent 303f79a3ae
commit 53689df645
1 changed files with 6 additions and 2 deletions
--- a/jlmkr.py
+++ b/jlmkr.py
@ -389,7 +389,6 @@ def start_jail(jail_name, check_startup_enabled=False):
        # Add additional flags required for docker
        systemd_nspawn_additional_args += [
            "--capability=all",
-            "--system-call-filter=add_key keyctl bpf",
        ]

    # Legacy gpu_passthrough config setting
@ -978,7 +977,12 @@ def create_jail(jail_name, distro="debian", release="bookworm"):
            "--setenv=SYSTEMD_NSPAWN_LOCK=0",
        ]

-        systemd_nspawn_default_args = ["--keep-unit", "--quiet", "--boot", "--bind-ro=/sys/module"]
+        systemd_nspawn_default_args = [
+            "--keep-unit",
+            "--quiet",
+            "--boot",
+            "--bind-ro=/sys/module",
+        ]

        config = cleandoc(
            f"""