Description
Component
systemd-nspawn
Is your feature request related to a problem? Please describe
We are using systemd-nspawn on RISC architectures, and we noticed that some arch-specific syscalls are safe & necessary for programs to function correctly, but are not present in the syscall allow list.
It seems like the allow list does not currently contain arch-specific syscalls, so may I ask whether it would be possible to add such syscalls to the list? Or are they incapable because they are arch-related?
Thanks!
Describe the solution you'd like
Maybe we can maintain an arch-related syscall list? They can be included on demand (e.g. by testing the build host architecture with #ifdefs) during the build stage, or included unconditionally.
Describe alternatives you've considered
Of course downstream developers can patch the list on their side manually, but this may introduce repeated work :-( Actually it took us a lot of time to narrow down the scale of the issue, from a major program malfunction bug to a single syscall not in the seccomp allow list. Others may experience the same issue IMO.
The systemd version you checked that didn't have the feature you are asking for
251
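Added example, not part of the issue and not systemd's own code: a sketch of the build-time approach proposed above, where arch-specific entries join a common allow list only when the target's headers define the syscall number. The table names, the `allowed_nr` helper and the chosen entries are assumptions for illustration; the issue does not say which syscall was missing.

```c
/* Added illustration, not systemd source; every identifier is hypothetical. */
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h> /* SYS_* numbers for the build target */

struct entry { const char *name; long nr; };

/* Allowed on every architecture (constructed sample, kept tiny on purpose). */
static const struct entry base_allow[] = {
        { "read", SYS_read }, { "write", SYS_write },
        { "openat", SYS_openat }, { "close", SYS_close }, { NULL, -1 },
};

/* Arch-specific additions, compiled in only where the target's headers define
 * the number. Entries are illustrative: the issue does not name its syscall. */
static const struct entry arch_allow[] = {
#ifdef SYS_riscv_flush_icache
        { "riscv_flush_icache", SYS_riscv_flush_icache },
#endif
#ifdef SYS_cacheflush
        { "cacheflush", SYS_cacheflush },
#endif
#ifdef SYS_arch_prctl
        { "arch_prctl", SYS_arch_prctl },
#endif
        { NULL, -1 }, /* sentinel; also keeps the array non-empty everywhere */
};

/* Syscall number if the name is on the effective allow list, else -1. */
long allowed_nr(const char *name) {
        const struct entry *lists[] = { base_allow, arch_allow };
        for (int l = 0; l < 2; l++)
                for (const struct entry *e = lists[l]; e->name; e++)
                        if (strcmp(e->name, name) == 0)
                                return e->nr;
        return -1;
}

int main(void) {
        const char *probe[] = { "read", "riscv_flush_icache", "arch_prctl", "ptrace" };
        for (int i = 0; i < 4; i++)
                printf("%-20s %s\n", probe[i], allowed_nr(probe[i]) >= 0 ? "allow" : "deny");
        return 0;
}
```

Selecting entries at compile time covers only the ABI the binary is built for; a container running binaries of a secondary ABI on the same host would need its own entries.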