How to debug systemd seccomp SystemCallFilter unit-name.service: Main process exited, code=killed, status=31/SYS?

Question

systemd unit file:

[Service]
SystemCallFilter=[...]

Error message:

unit-name.service: Main process exited, code=killed, status=31/SYS

How to find out which system call is missing in the whitelist?

score 0 · Answer 1 · edited Feb 15 '22 at 19:32

0

You can first get the system call that failed with

journalctl _AUDIT_TYPE_NAME=SECCOMP

Syscall codes (such as syscall=28) are listed in a header under /usr/include. For example, on Debian x86_64, it's in /usr/include/x86_64-linux-gnu/asm/unistd_64.h.

edited Feb 15 '22 at 19:32

Greenonline

1,759
7
16
21

answered Feb 12 '22 at 20:16

lparcq

1
1

How to debug systemd seccomp SystemCallFilter unit-name.service: Main process exited, code=killed, status=31/SYS?

1 Answers1