From f535befda4e95c3fff4414e44bbf9ae8fac225e0 Mon Sep 17 00:00:00 2001 From: Robert Mader Date: Thu, 29 Jan 2026 10:23:13 +0100 Subject: [PATCH] systemd: allow mincore system call for Mesa/EGL This is required in order to allow plugins to use GL as mincore is used in Mesas `_eglPointerIsDereferenceable()`. One example for a client wanting to do so is the in-development libcamera GPUISP, see https://patchwork.libcamera.org/cover/24183/ (cherry picked from commit pipewire@4796b3fb9524c20ac0f5006143b6a13ee50c01ec) See pipewire/pipewire!2530 --- src/systemd/system/wireplumber.service.in | 2 +- src/systemd/system/wireplumber@.service.in | 2 +- src/systemd/user/wireplumber.service.in | 2 +- src/systemd/user/wireplumber@.service.in | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/systemd/system/wireplumber.service.in b/src/systemd/system/wireplumber.service.in index 54696d6a..460364c7 100644 --- a/src/systemd/system/wireplumber.service.in +++ b/src/systemd/system/wireplumber.service.in @@ -9,7 +9,7 @@ LockPersonality=yes MemoryDenyWriteExecute=yes NoNewPrivileges=yes SystemCallArchitectures=native -SystemCallFilter=@system-service +SystemCallFilter=@system-service mincore Type=simple AmbientCapabilities=CAP_SYS_NICE ExecStart=@WP_BINARY@ -p main-systemwide diff --git a/src/systemd/system/wireplumber@.service.in b/src/systemd/system/wireplumber@.service.in index 0766d4e0..94024959 100644 --- a/src/systemd/system/wireplumber@.service.in +++ b/src/systemd/system/wireplumber@.service.in @@ -14,7 +14,7 @@ LockPersonality=yes MemoryDenyWriteExecute=yes NoNewPrivileges=yes SystemCallArchitectures=native -SystemCallFilter=@system-service +SystemCallFilter=@system-service mincore Type=simple AmbientCapabilities=CAP_SYS_NICE ExecStart=@WP_BINARY@ -p %i diff --git a/src/systemd/user/wireplumber.service.in b/src/systemd/user/wireplumber.service.in index cb16e82a..64ab2cd5 100644 --- a/src/systemd/user/wireplumber.service.in +++ b/src/systemd/user/wireplumber.service.in @@ -9,7 +9,7 @@ LockPersonality=yes MemoryDenyWriteExecute=yes NoNewPrivileges=yes SystemCallArchitectures=native -SystemCallFilter=@system-service +SystemCallFilter=@system-service mincore Type=simple ExecStart=@WP_BINARY@ Restart=on-failure diff --git a/src/systemd/user/wireplumber@.service.in b/src/systemd/user/wireplumber@.service.in index 5c1096fc..df66cfc4 100644 --- a/src/systemd/user/wireplumber@.service.in +++ b/src/systemd/user/wireplumber@.service.in @@ -14,7 +14,7 @@ LockPersonality=yes MemoryDenyWriteExecute=yes NoNewPrivileges=yes SystemCallArchitectures=native -SystemCallFilter=@system-service +SystemCallFilter=@system-service mincore Type=simple ExecStart=@WP_BINARY@ -p %i Restart=on-failure