!708 seccomp-util: fix build failure #21970

From: @fly_fzc 
Reviewed-by: @xujing99 
Signed-off-by: @xujing99

backport-seccomp-util-include-missing_syscall_def.h-to-make-__SNR_foo-mapped.patch

@@ -0,0 +1,71 @@
+From ddf73c98fcf094201dc813b33765e4eed74e25c5 Mon Sep 17 00:00:00 2001
+From: zhaoxiaohu <zhaoxiaohu@kuaishou.com>
+Date: Wed, 31 Jul 2024 10:24:26 +0800
+Subject: [PATCH] seccomp-util: include missing_syscall_def.h to make __SNR_foo 
+ mapped to __NR_foo
+
+Fixes #21969.
+
+Reference: https://github.com/systemd/systemd/pull/21970/commits/e83156c264d149e8f92f05b4d777317824a430f1
+
+Signed-off-by: zhaoxiaohu <zhaoxiaohu@kuaishou.com>
+Signed-off-by: yuwang <yuwang@kuaishou.com>
+---
+ src/shared/seccomp-util.c | 9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
+index ccfa4cc..9e0d415 100644
+--- a/src/shared/seccomp-util.c
++++ b/src/shared/seccomp-util.c
+@@ -3,13 +3,16 @@
+ #include <errno.h>
+ #include <fcntl.h>
+ #include <linux/seccomp.h>
+-#include <seccomp.h>
+ #include <stddef.h>
+ #include <sys/mman.h>
+ #include <sys/prctl.h>
+ #include <sys/shm.h>
+ #include <sys/stat.h>
+ 
++/* include missing_syscall_def.h earlier to make __SNR_foo mapped to __NR_foo. */
++#include "missing_syscall_def.h"
++#include <seccomp.h>
++
+ #include "af-list.h"
+ #include "alloc-util.h"
+ #include "env-util.h"
+@@ -1736,13 +1739,11 @@ int seccomp_memory_deny_write_execute(void) {
+                 if (r < 0)
+                         continue;
+ 
+-#ifdef __NR_pkey_mprotect
+                 r = add_seccomp_syscall_filter(seccomp, arch, SCMP_SYS(pkey_mprotect),
+                                                1,
+                                                SCMP_A2(SCMP_CMP_MASKED_EQ, PROT_EXEC, PROT_EXEC));
+                 if (r < 0)
+                         continue;
+-#endif
+ 
+                 if (shmat_syscall > 0) {
+                         r = add_seccomp_syscall_filter(seccomp, arch, shmat_syscall,
+@@ -2063,7 +2064,6 @@ static int seccomp_restrict_sxid(scmp_filter_ctx seccomp, mode_t m) {
+         else
+                 any = true;
+ 
+-#if SCMP_SYS(open) > 0
+         r = seccomp_rule_add_exact(
+                         seccomp,
+                         SCMP_ACT_ERRNO(EPERM),
+@@ -2075,7 +2075,6 @@ static int seccomp_restrict_sxid(scmp_filter_ctx seccomp, mode_t m) {
+                 log_debug_errno(r, "Failed to add filter for open: %m");
+         else
+                 any = true;
+-#endif
+ 
+         r = seccomp_rule_add_exact(
+                         seccomp,
+-- 
+2.33.0
+

systemd.spec

@@ -21,7 +21,7 @@
 Name:           systemd
 Url:            https://systemd.io/
 Version:        249
-Release:        83
+Release:        84
 License:        MIT and LGPLv2+ and GPLv2+
 Summary:        System and Service Manager
 
@@ -674,6 +674,7 @@ Patch6625:      backport-core-do-not-GC-units-jobs-that-are-in-the-D-Bus-queu.pa
 Patch6626:      backport-sd-event-fix-fd-leak-when-fd-is-owned-by-IO-event-so.patch
 Patch6627:      backport-Update-hwdb.patch
 Patch6628:	backport-fix-cgtop-sscanf-return-code-checks.patch
+Patch6629:	backport-seccomp-util-include-missing_syscall_def.h-to-make-__SNR_foo-mapped.patch
 
 Patch9001:      update-rtc-with-system-clock-when-shutdown.patch
 Patch9002:      udev-add-actions-while-rename-netif-failed.patch
@@ -2188,6 +2189,9 @@ grep -q -E '^KEYMAP="?fi-latin[19]"?' /etc/vconsole.conf 2>/dev/null &&
 /usr/bin/systemd-cryptenroll
 
 %changelog
+* Mon Aug 26 2024 fuanan <fuanan3@h-partners.com> - 249-84
+- add backport-seccomp-util-include-missing_syscall_def.h-to-make-__SNR_foo-mapped.patch
+
 * Thu Aug 22 2024 yanglongkang <yanglongkang@h-partners.com> - 249-83
 - backport: fix cgtop sscanf return code checks