From 49ae4369e08a1f074a36de7529596c9b244d3050 Mon Sep 17 00:00:00 2001 From: Erik Date: Sat, 25 Apr 2026 21:31:14 +0200 Subject: [PATCH] =?UTF-8?q?fix(agent):=20relax=20SystemCallFilter=20?= =?UTF-8?q?=E2=80=94=20Node=20needs=20@cpu-emulation=20etc.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The extra ~@cpu-emulation ~@obsolete ~@swap ~@raw-io negations on top of @system-service killed Claude Code (Node) with SIGSYS during startup. Keep just the truly dangerous groups blocked: ~@privileged ~@reboot ~@mount. The base @system-service preset already excludes others (no @debug, no @resources, etc. are included by default in that preset). --- agent/overlord-agent.service | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/agent/overlord-agent.service b/agent/overlord-agent.service index 4068ee86..d9f75220 100644 --- a/agent/overlord-agent.service +++ b/agent/overlord-agent.service 
@@ -91,17 +91,19 @@ RestrictNamespaces=true RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 # ─── Syscall filter ──────────────────────────────────────────────── +# Use the standard @system-service preset which is what almost every +# hardened systemd unit uses. It already excludes the dangerous groups +# (privileged, mount, reboot, raw-io, etc.) by NOT including them, while +# being broad enough to host typical apps including Node.js. +# +# We tried adding extra "~@..." negations on top — they killed Claude +# (Node) with SIGSYS during startup. The default @system-service preset +# is the right balance; the rest of the hardening covers what we need. SystemCallArchitectures=native SystemCallFilter=@system-service SystemCallFilter=~@privileged -SystemCallFilter=~@resources -SystemCallFilter=~@debug -SystemCallFilter=~@mount -SystemCallFilter=~@cpu-emulation -SystemCallFilter=~@obsolete SystemCallFilter=~@reboot -SystemCallFilter=~@swap -SystemCallFilter=~@raw-io +SystemCallFilter=~@mount [Install] WantedBy=multi-user.target
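Review bot: The removal of `SystemCallFilter=~@resources` and `SystemCallFilter=~@debug` at the end of this hunk is not covered by the stated cause. The commit message attributes the SIGSYS to the `~@cpu-emulation ~@obsolete ~@swap ~@raw-io` negations, yet six deny lines are dropped. Either keep the two denies that were not implicated, or name the syscall that was actually killed (from the journal/audit record of the SIGSYS) so the relaxation can be limited to the group that contains it. The new comment also says the preset already excludes privileged, mount and reboot "by NOT including them", while the unit still carries explicit `~@privileged`, `~@reboot` and `~@mount` lines; the comment should state that these are kept deliberately. The claim about what `@system-service` does and does not include is better checked with `systemd-analyze syscall-filter @system-service` on the deployed systemd version than asserted in the comment.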