src/nspawn/nspawn.c

@@ -3405,13 +3405,9 @@ static int inner_child(
         }
 
         if (arg_suppress_sync) {
-#if HAVE_SECCOMP
                 r = seccomp_suppress_sync();
                 if (r < 0)
                         log_debug_errno(r, "Failed to install sync() suppression seccomp filter, ignoring: %m");
-#else
-                log_debug("systemd is built without SECCOMP support. Ignoring --suppress-sync= command line option and SuppressSync= setting.")
-#endif
         }
 
 #if HAVE_SELINUX
@@ -5334,15 +5330,6 @@ static int initialize_rlimits(void) {
                                 if (prlimit(1, rl, NULL, &buffer) < 0)
                                         return log_error_errno(errno, "Failed to read resource limit RLIMIT_%s of PID 1: %m", rlimit_to_string(rl));
 
-                                v = &buffer;
-                        } else if (rl == RLIMIT_NOFILE) {
-                                /* We nowadays bump RLIMIT_NOFILE's hard limit early in PID 1 for all
-                                 * userspace. Given that nspawn containers are often run without our PID 1,
-                                 * let's grant the containers a raised RLIMIT_NOFILE hard limit by default,
-                                 * so that container userspace gets similar resources as host userspace
-                                 * gets. */
-                                buffer = kernel_defaults[rl];
-                                buffer.rlim_max = MIN((rlim_t) read_nr_open(), (rlim_t) HIGH_RLIMIT_NOFILE);
                                 v = &buffer;
                         } else
                                 v = kernel_defaults + rl;