systemd: allow mincore system call for Mesa/EGL

This is required in order to allow plugins to use GL as mincore is used in Mesas `_eglPointerIsDereferenceable()`. One example for a client wanting to do so is the in-development libcamera GPUISP, see https://patchwork.libcamera.org/cover/24183/ (cherry picked from commit pipewire@4796b3fb9524c20ac0f5006143b6a13ee50c01ec) See pipewire/pipewire!2530
2026-03-23 22:40:41 +01:00 · 2026-01-29 10:23:13 +01:00 · 2026-01-29 10:23:13 +01:00 · f535befda4
commit f535befda4
parent 1762d91e75
4 changed files with 4 additions and 4 deletions
--- a/src/systemd/system/wireplumber.service.in
+++ b/src/systemd/system/wireplumber.service.in
@ -9,7 +9,7 @@ LockPersonality=yes
 MemoryDenyWriteExecute=yes
 NoNewPrivileges=yes
 SystemCallArchitectures=native
-SystemCallFilter=@system-service
+SystemCallFilter=@system-service mincore
 Type=simple
 AmbientCapabilities=CAP_SYS_NICE
 ExecStart=@WP_BINARY@ -p main-systemwide
--- a/src/systemd/system/wireplumber@.service.in
+++ b/src/systemd/system/wireplumber@.service.in
@ -14,7 +14,7 @@ LockPersonality=yes
 MemoryDenyWriteExecute=yes
 NoNewPrivileges=yes
 SystemCallArchitectures=native
-SystemCallFilter=@system-service
+SystemCallFilter=@system-service mincore
 Type=simple
 AmbientCapabilities=CAP_SYS_NICE
 ExecStart=@WP_BINARY@ -p %i
--- a/src/systemd/user/wireplumber.service.in
+++ b/src/systemd/user/wireplumber.service.in
@ -9,7 +9,7 @@ LockPersonality=yes
 MemoryDenyWriteExecute=yes
 NoNewPrivileges=yes
 SystemCallArchitectures=native
-SystemCallFilter=@system-service
+SystemCallFilter=@system-service mincore
 Type=simple
 ExecStart=@WP_BINARY@
 Restart=on-failure
--- a/src/systemd/user/wireplumber@.service.in
+++ b/src/systemd/user/wireplumber@.service.in
@ -14,7 +14,7 @@ LockPersonality=yes
 MemoryDenyWriteExecute=yes
 NoNewPrivileges=yes
 SystemCallArchitectures=native
-SystemCallFilter=@system-service
+SystemCallFilter=@system-service mincore
 Type=simple
 ExecStart=@WP_BINARY@ -p %i
 Restart=on-failure