test: Add failing/non-failing syscall filter test setting architecture

This adds a high level test verifying that syscall filtering in
combination with a simple architecture filter for the "native"
architecture works fine.

src/test/test-execute.c

@@ -713,8 +713,10 @@ static void test_exec_systemcallfilter(Manager *m) {
 
         test(m, "exec-systemcallfilter-not-failing.service", 0, CLD_EXITED);
         test(m, "exec-systemcallfilter-not-failing2.service", 0, CLD_EXITED);
+        test(m, "exec-systemcallfilter-not-failing3.service", 0, CLD_EXITED);
         test(m, "exec-systemcallfilter-failing.service", SIGSYS, CLD_KILLED);
         test(m, "exec-systemcallfilter-failing2.service", SIGSYS, CLD_KILLED);
+        test(m, "exec-systemcallfilter-failing3.service", SIGSYS, CLD_KILLED);
 
         r = find_executable("python3", NULL);
         if (r < 0) {

test/test-execute/exec-systemcallfilter-failing3.service

@@ -0,0 +1,9 @@
+[Unit]
+Description=Test for SystemCallFilter
+
+[Service]
+ExecStart=/bin/sh -c '/bin/echo "This should not be seen"'
+Type=oneshot
+LimitCORE=0
+SystemCallArchitectures=native
+SystemCallFilter=~write open execve fexecve execveat exit_group close mmap munmap fstat DONOTEXIST

test/test-execute/exec-systemcallfilter-not-failing3.service

@@ -0,0 +1,8 @@
+[Unit]
+Description=Test for SystemCallFilter
+
+[Service]
+ExecStart=/bin/sh -c 'echo "Foo bar"'
+Type=oneshot
+SystemCallArchitectures=native
+SystemCallFilter=