So I think your new packages are probably OK, but as they pull in 2.5.1 my system is breaking because the version of systemd-nspawn I'm using (default version from focal) is apparently still old enough not to include openat2() (Yes, reading upthread it seems I knew all of this in August and have managed to forget it over the last few months!)
I will backport/patch systemd-nspawn and re-test these packages when time permits..
OK, this is getting complicated. seccomp 2.5.0 and systemd-nspawn both have bugs which when combined cause most/all syscall filters to actually be disabled! See https:/ /github. com/seccomp/ libseccomp/ issues/ 273#issuecommen t-668458070
So I think your new packages are probably OK, but as they pull in 2.5.1 my system is breaking because the version of systemd-nspawn I'm using (default version from focal) is apparently still old enough not to include openat2() (Yes, reading upthread it seems I knew all of this in August and have managed to forget it over the last few months!)
I will backport/patch systemd-nspawn and re-test these packages when time permits..