seccomp: move mprotect to @default
With glibc-2.34.9000-17.fc36.x86_64, dynamically programs newly fail in early
init with a restrictive syscall filter that does not include @system-service.
I think this is caused by
2dd87703d4386f2776c5b5f375a494c91d7f9fe4:
Author: Florian Weimer <fweimer@redhat.com>
Date: Mon May 10 10:31:41 2021 +0200
nptl: Move changing of stack permissions into ld.so
All the stack lists are now in _rtld_global, so it is possible
to change stack permissions directly from there, instead of
calling into libpthread to do the change.
It seems that this call will now be very widely used, so let's just move it to
default to avoid too many failures.
(cherry picked from commit
4728625490b70ac4a686b1655c08ad3fe7b97359)
projects / systemd / .git / commit