[pkg-go] Bug#1095048: /usr/lib/systemd/user/podman-restart.service: user level podman-restart should not run as root

Sam Hartman hartmans at debian.org
Mon Feb 3 04:41:22 GMT 2025 

Package: podman
Version: 5.3.2+ds1-1
Severity: important
File: /usr/lib/systemd/user/podman-restart.service
X-Debbugs-Cc: hartmans at debian.org, hartmans at debian.org

I upgraded from bookworm to trixie, and discovered that several of my
services were not working.  I logged into the container host and
things were fine.  I logged out again, and then things failed.

After some investigation, I find that podman-restart is enabled both
as a system service and as a user service.  For normal users that's
fine, but for root, that means that any containers started by
podman-restart at a system level will be shut down whenever the root
user session exits (say last ssh session exits).
Podman needs to arrange not to run the user-level podman-restart as root somehow.

As a work around I ran systemctl mask --user podman-restart

That's not really appropriate for a maintainer script to do: the
system might not be running systemd at the time, and it is probably
not appropriate for a maintainer script to touch /root/.config
directly.

Something needs to happen though.



-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.12.11-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages podman depends on:
ii  conmon                           2.1.12-3
ii  crun                             1.18.2-1
ii  golang-github-containers-common  0.61.1+ds1-1
ii  init-system-helpers              1.68
ii  libc6                            2.40-6
ii  libgpgme11t64                    1.24.1-2
ii  libseccomp2                      2.5.5-2
ii  libsqlite3-0                     3.46.1-1
ii  libsubid5                        1:4.16.0-7
ii  netavark                         1.12.1-9

Versions of packages podman recommends:
ii  buildah             1.38.1+ds1-1
ii  ca-certificates     20241223
ii  catatonit           0.2.1-1
ii  containers-storage  1.56.1+ds1-1
ii  criu                4.0-3
ii  dbus-user-session   1.16.0-1
ii  libcriu2            4.0-3
ii  passt               0.0~git20250121.4f2c8e7-1
ii  slirp4netns         1.2.1-1+b1
ii  uidmap              1:4.16.0-7

Versions of packages podman suggests:
ii  containernetworking-plugins  1.1.1+ds1-3+b13
pn  docker-compose               <none>
ii  iptables                     1.8.11-2

-- no debconf information

More information about the Pkg-go-maintainers mailing list