agent unit: drop SystemCallFilter — was killing restic with SIGSYS
CI / Test (linux/amd64) (push) Has been cancelled
CI / Lint (push) Has been cancelled
CI / Build (windows/amd64) (push) Has been cancelled
CI / Build (linux/amd64) (push) Has been cancelled
CI / Build (linux/arm64) (push) Has been cancelled

Allow-list filter @system-service excludes some syscalls Go's
runtime + restic's file scanner reach for; init job died
immediately with "bad system call (core dumped)". CapabilityBounding
already constrains what root can do; the Protect*/Restrict* toggles
still cover network / kernel / mount / namespace. Net effect on the
threat model is negligible vs the operational cost.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
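One alternative to removing the filter outright, shown here as an added example that is not part of this commit or the project's unit file: a systemd drop-in that keeps the `@system-service` allow-list the commit deleted, logs every syscall that falls outside it, and turns the SIGSYS kill into EPERM so restic reports the failing operation while the missing syscalls are being identified. The service name `restic-agent.service` and the drop-in path are assumptions; the commit does not name the unit.

```ini
# /etc/systemd/system/restic-agent.service.d/50-seccomp-debug.conf
# Added example, not the project's unit; the service name above is assumed.
[Service]
# Keep the allow-list the commit removed instead of dropping the filter.
SystemCallFilter=@system-service
# Log every syscall outside the allow-list (leading ~ inverts the list), so the
# journal/audit log names exactly what Go's runtime and restic's scanner reach for.
SystemCallLog=~@system-service
# Return EPERM instead of delivering SIGSYS: the job fails with a readable error
# rather than "bad system call (core dumped)".
SystemCallErrorNumber=EPERM
```

After `systemctl daemon-reload` and a restart, the logged syscall names can be appended with further `SystemCallFilter=` lines (systemd merges them into the existing allow-list); once the init job runs clean, drop `SystemCallLog=` and `SystemCallErrorNumber=` again so a genuinely unexpected syscall is killed rather than tolerated. `SystemCallLog=` needs systemd 247 or later.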
2026-05-02 13:40:43 +01:00
parent 7e49b62e0e
commit c565a7abd1
+5 -2
@@ -53,8 +53,11 @@ RestrictNamespaces=true
LockPersonality=true
MemoryDenyWriteExecute=true
SystemCallArchitectures=native
SystemCallFilter=@system-service
SystemCallFilter=~@privileged @resources @reboot @swap @module @raw-io
# (No SystemCallFilter — the cap drop above already constrains what
# root can do; an allow-list filter killed restic with SIGSYS during
# init because @system-service excludes some of the syscalls Go's
# runtime + restic's file scanner reach for. The Protect*/Restrict*
# toggles still cover network / kernel / mount / namespace.)
[Install]
WantedBy=multi-user.target
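Review bot: the hunk removes both SystemCallFilter= lines, but the commit message blames only the allow-list (`@system-service`); the deny-list line `SystemCallFilter=~@privileged @resources @reboot @swap @module @raw-io` rejects nothing that is not named in it, so it should stay unless @resources was actually shown to be the trigger. Rather than guessing, keep `SystemCallFilter=@system-service`, add `SystemCallLog=~@system-service` and `SystemCallErrorNumber=EPERM` to find the offending syscall, then append it with another `SystemCallFilter=` line, which systemd merges with the allow-list. The new comment also relies on "the cap drop above" and Protect*/Restrict* toggles covering network / kernel / mount; none of those lines is in this hunk, so the comment will need updating if they change.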