Merge pull request #3367 from flatcar/danzatt/fix-modprobe-via-udevd

sys-apps/systemd: allow @mount syscalls for systemd-udevd.service
2025-12-23 10:12:12 +01:00 · 2025-11-05 18:17:20 +01:00 · 2025-11-05 18:17:20 +01:00 · 2aaa758cc9
commit 2aaa758cc9
parent aee197d274 8e94ac029b
3 changed files with 13 additions and 0 deletions
--- a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-apps/systemd
+++ b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-apps/systemd
@ -11,3 +11,16 @@ After=ensure-sysext.service
 EOF
  popd
 }
+
+cros_post_src_install_udev() {
+  insinto "$(systemd_get_systemunitdir)/systemd-udevd.service.d"
+  newins - flatcar.conf <<EOF
+# In Flatcar we are using modprobe helpers that run depmod in temporary
+# overlay. systemd-udevd.service may try to load drivers for some block devices
+# (e.g. ZFS), which ends up calling our helpers, which invoke mount command.
+# The mount syscalls are forbidden by the default systemd-udevd syscall filter.
+
+[Service]
+SystemCallFilter=@mount
+EOF
+}
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-256.9-r2.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-256.9-r2.ebuild
--- a/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-257.7-r1.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-257.7-r1.ebuild