[pkg-lxc-devel] Bug#1050256: [pkg-apparmor] Bug#1050256: autopkgtest fails on debci

intrigeri intrigeri at debian.org
Sun Sep 17 07:31:37 BST 2023


Control: reassign -1 src:linux
Control: retitle -1 AppArmor breaks locking non-fs Unix sockets
Control: affects -1 src:apparmor src:lxc src:systemd src:pdns src:policykit-1
Control: found -1 6.1.38-1
Control: found -1 6.1.38-2
Control: notfound -1 6.3.1-1~exp1

Hi Debian Kernel Team,

In the last month or so, a number of people from various Debian teams
and other distributions have been tracking down a regression that
affects systems upgraded to Bookworm: services that use certain
systemd facilities such as PrivateNetwork=yes fail to start in LXC/LXD
containers. Among other things, this breaks the autopkgtests of many
packages, such as systemd, on ci.debian.net (#1050256). This was
tracked down to a kernel regression, for which a fix landed in Linux
6.2:

  1cf26c3d2c4c apparmor: fix apparmor mediating locking non-fs unix sockets

Work is ongoing to backport the fix to linux-stable/linux-6.1.y.
I'm Cc'ing John and Mathias who have been working on this.

FYI, ideally this would be fixed in the upcoming Bookworm
point-release (12.2, early October).

Current workarounds:

 - ci.debian.net was upgraded to the bookworm-backports kernel
 - various package maintainers have added workarounds such as disabling
   PrivateNetwork=yes for autopkgtests

Cheers,
-- 
intrigeri


