Add syscalls for merge operation error (#18148)

github-actions[bot] · Rajat Gupta · github-actions[bot] · commit f7ac9567fdd8 · 2025-04-29T21:13:53.000Z
Signed-off-by: Rajat Gupta <gptrajat@amazon.com> Co-authored-by: Rajat Gupta <gptrajat@amazon.com> (cherry picked from commit 33b88a2) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
diff --git a/distribution/packages/src/common/systemd/opensearch.service b/distribution/packages/src/common/systemd/opensearch.service
@@ -100,6 +100,8 @@ LockPersonality=yes
 # System call filterings which restricts which system calls a process can make
 # @ means allowed
 # ~ means not allowed
+# These syscalls are related to mmap which is needed for OpenSearch Services
+SystemCallFilter=madvise mincore mlock mlock2 munlock get_mempolicy sched_getaffinity sched_setaffinity fcntl
 SystemCallFilter=@system-service
 SystemCallFilter=~@reboot
 SystemCallFilter=~@swap
@@ -138,7 +140,7 @@ ReadWritePaths=-/etc/opensearch
 ReadWritePaths=-/mnt/snapshots
 
 ## Allow read access to system files
-ReadOnlyPaths=/etc/os-release /usr/lib/os-release /etc/system-release
+ReadOnlyPaths=-/etc/os-release -/usr/lib/os-release -/etc/system-release
 
 ## Allow read access to Linux IO stats
 ReadOnlyPaths=/proc/self/mountinfo /proc/diskstats
