From 20e458ae3c3b386e2b720bbd3c37d95781e69ae7 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Fri, 22 Oct 2021 22:32:45 +0900
Subject: [PATCH] nspawn: ignore --suppress-sync=yes when seccomp is disabled

Follow-up for 4a4654e0241fbeabecb8587fd3520b6b39264b9c.

Fixes #21090.
---
 src/nspawn/nspawn.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index d133ca7be3..2804686f79 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -3405,9 +3405,13 @@ static int inner_child(
         }
 
         if (arg_suppress_sync) {
+#if HAVE_SECCOMP
                 r = seccomp_suppress_sync();
                 if (r < 0)
                         log_debug_errno(r, "Failed to install sync() suppression seccomp filter, ignoring: %m");
+#else
+                log_debug("systemd is built without SECCOMP support. Ignoring --suppress-sync= command line option and SuppressSync= setting.")
+#endif
         }
 
 #if HAVE_SELINUX
-- 
2.25.1