seccomp: also move munmap into @default syscall filter set

Follow-up for 5abede3247591248718026cb8be6cd231de7728b.

man/bootctl.xml

@@ -112,6 +112,7 @@
         These special IDs are primarily useful as a quick way to persistently make the currently booted boot loader
         entry the default choice, or to upgrade the default boot loader entry for the next boot to the default boot
         loader entry for all future boots, but may be used for other operations too.
+        When an emptry string ("") is specified as an ID, then the corresponding EFI variable will be unset.
         </para></listitem>
       </varlistentry>
 

src/kernel-install/90-loaderentry.install

@@ -20,7 +20,7 @@ MACHINE_ID=$KERNEL_INSTALL_MACHINE_ID
 
 BOOT_ROOT=${ENTRY_DIR_ABS%/$MACHINE_ID/$KERNEL_VERSION}
 BOOT_MNT=$(stat -c %m $BOOT_ROOT)
-ENTRY_DIR=/${ENTRY_DIR_ABS#$BOOT_MNT}
+ENTRY_DIR=${ENTRY_DIR_ABS#$BOOT_MNT}
 
 if [[ $COMMAND == remove ]]; then
     rm -f "$BOOT_ROOT/loader/entries/$MACHINE_ID-$KERNEL_VERSION.conf"

src/libsystemd/sd-device/device-enumerator.c

@@ -420,7 +420,8 @@ static int enumerator_scan_dir_and_add_devices(sd_device_enumerator *enumerator,
 
         dir = opendir(path);
         if (!dir)
-                return -errno;
+                /* this is necessarily racey, so ignore missing directories */
+                return (errno == ENOENT && (subdir1 || subdir2)) ? 0 : -errno;
 
         FOREACH_DIRENT_ALL(dent, dir, return -errno) {
                 _cleanup_(sd_device_unrefp) sd_device *device = NULL;

src/shared/seccomp-util.c

@@ -322,6 +322,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
                 "membarrier\0"
                 "mmap\0"
                 "mmap2\0"
+                "munmap\0"
                 "nanosleep\0"
                 "pause\0"
                 "prlimit64\0"
@@ -471,7 +472,6 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
                 "mkdirat\0"
                 "mknod\0"
                 "mknodat\0"
-                "munmap\0"
                 "newfstatat\0"
                 "oldfstat\0"
                 "oldlstat\0"