From d7f750b1b1c5ea4da5aa537b9baba0e01b0ce843 Mon Sep 17 00:00:00 2001
From: Armin Rigo <arigo@tunes.org>
Date: Wed, 24 Apr 2024 11:20:43 +0200
Subject: [PATCH] Mention the systemd issue with old-style callbacks (#74)

* Mention the systemd issue with old-style callbacks

* Copy the whole explanation
---
 doc/source/using.rst | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/doc/source/using.rst b/doc/source/using.rst
index b73ae965..0069e376 100644
--- a/doc/source/using.rst
+++ b/doc/source/using.rst
@@ -891,6 +891,10 @@ ffi.callback() and the result is the same.
     - `On Mac OS X,`__ you need to give your application the entitlement
       ``com.apple.security.cs.allow-unsigned-executable-memory``.
 
+    - On Linux, ``systemd`` installs syscall filtering rules on services
+      it supervises.   The `MemoryDenyWriteExecute=` setting in
+      `systemd.exec(5)` defaults to on, and can quietly block this.
+
     Note also that a cffi fix for this issue was attempted---see
     the ``ffi_closure_alloc`` branch---but was not merged because it
     creates potential `memory corruption`__ with ``fork()``.