Bug#1106502: systemd: SetCredentialEncrypted broken for user services

Val Markovic val at markovic.io
Sun May 25 09:06:53 BST 2025 

Package: systemd
Version: 257.5-2
Severity: normal
X-Debbugs-Cc: val at markovic.io

Dear Maintainer,

SetCredentialEncrypted is broken for user services in systemd v257.5. The
detailed bug report has been filed upstream at
https://github.com/systemd/systemd/issues/37598 and has already been fixed in
https://github.com/systemd/systemd/pull/35536 (5 months ago), but it doesn't
seem to be targeting v257 minor releases (for unknown reasons).

Would it be possible to get the fix for this issue in debian before Trixie is
released?

I encountered this issue while trying to "kick the tires" of Trixie before the
stable release and it's the only problem I've found (so far) that makes rootless
containers in Podman painful on Trixie. (Podman Quadlets create systemd service
unit files. This is not a bug in Podman, only systemd.) Naturally, this problem
doesn't exist when using rootful containers (since `root` doesn't hit the
premissions issue).

It would reaaaaally suck to have this bug for the next 2 years and "snatch
defeat from the jaws of victory" for rootless containers on Debian Stable.
Rootless containers are fantastic for improving system security.

-- Package-specific info:

-- System Information:
Debian Release: 13.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.12.27-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages systemd depends on:
ii  libacl1            2.3.2-2+b1
ii  libapparmor1       4.1.0-1
ii  libc6              2.41-8
ii  libmount1          2.41-5
ii  libpam0g           1.7.0-3
ii  libseccomp2        2.6.0-2
ii  libselinux1        3.8.1-1
ii  libssl3t64         3.5.0-1
ii  libsystemd-shared  257.5-2
ii  libsystemd0        257.5-2
ii  mount              2.41-5

Versions of packages systemd recommends:
ii  dbus [default-dbus-system-bus]   1.16.2-2
ii  linux-sysctl-defaults            4.11
pn  systemd-cryptsetup               <none>
ii  systemd-timesyncd [time-daemon]  257.5-2

Versions of packages systemd suggests:
ii  libtss2-tcti-device0t64 [libtss2-tcti-device0]  4.1.3-1.2
ii  polkitd                                         126-2
pn  systemd-boot                                    <none>
ii  systemd-container                               257.5-2
pn  systemd-homed                                   <none>
pn  systemd-repart                                  <none>
pn  systemd-resolved                                <none>
pn  systemd-userdbd                                 <none>

Versions of packages systemd is related to:
ii  dbus-user-session  1.16.2-2
pn  dracut             <none>
ii  initramfs-tools    0.147
ii  libnss-systemd     257.5-2
ii  libpam-systemd     257.5-2
ii  udev               257.5-2

-- no debconf information

More information about the Pkg-systemd-maintainers mailing list