Package: systemd
Version: 252.17-1~deb12u1
Severity: important

Dear Maintainer,

* What led up to the situation?

Fedora39 running as host, Debian Bookworm container is started via podman. Packages systemd and redis get installed in the container, then trying to start redis via 'systemctl start redis' fails. 'journalctl -xeu redis-server.service' says:

(s-server)[66]: Failed to mount /run/systemd/inaccessible/reg to /run/systemd/unit-root/proc/kallsyms: Permission denied
(s-server)[66]: redis-server.service: Failed to set up mount namespacing: /run/systemd/unit-root/proc/kallsyms: Permission denied
(s-server)[66]: redis-server.service: Failed at step NAMESPACE spawning /usr/bin/redis-server: Permission denied

* What exactly did you do (or not do) that was effective (or ineffective)?

Using a Debian trixie container, the issue does not appear. I see this on both amd64 and aarch64 architectures. I think everybody trying to run redis in a Bookworm container will hit this issue.

* Reproducer

To be executed on a Fedora39 system, as user:

```
sudo dnf -y install podman
mkdir -p ~/repro/build-bookworm
cat >~/repro/build-bookworm/Containerfile<<EOT
FROM docker.io/library/debian:bookworm
ENV DEBIAN_FRONTEND noninteractive
RUN apt update && apt upgrade -y && \
    apt install -y systemd redis
CMD [ "/lib/systemd/systemd" ]
EOT
cd ~/repro
podman build -t repro build-bookworm/
podman run --name repro -d --security-opt seccomp=unconfined \
    localhost/repro /lib/systemd/systemd
podman exec -it repro bash
# now to be executed in the container's shell which opened
systemctl start redis
```

-- Package-specific info:

-- System Information:
Debian Release: 12.2
  APT prefers stable-security
  APT policy: (810, 'stable-security'), (810, 'stable'), (809, 'proposed-updates'), (500, 'stable-debug')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-13-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages systemd depends on:
ii  libacl1            2.3.1-3
ii  libaudit1          1:3.0.9-1
ii  libblkid1          2.38.1-5+b1
ii  libc6              2.36-9+deb12u3
ii  libcap2            1:2.66-4
ii  libcryptsetup12    2:2.6.1-4~deb12u1
ii  libfdisk1          2.38.1-5+b1
ii  libgcrypt20        1.10.1-3
ii  libkmod2           30+20221128-1
ii  liblz4-1           1.9.4-1
ii  liblzma5           5.4.1-0.2
ii  libmount1          2.38.1-5+b1
ii  libp11-kit0        0.24.1-2
ii  libseccomp2        2.5.4-1+b3
ii  libselinux1        3.4-1+b6
ii  libssl3            3.0.11-1~deb12u2
ii  libsystemd-shared  252.17-1~deb12u1
ii  libsystemd0        252.17-1~deb12u1
ii  libzstd1           1.5.4+dfsg2-5
ii  mount              2.38.1-5+b1

Versions of packages systemd recommends:
ii  chrony [time-daemon]            4.3-2+deb12u1
ii  dbus [default-dbus-system-bus]  1.14.10-1~deb12u1

Versions of packages systemd suggests:
ii  libfido2-1            1.12.0-2+b1
pn  libqrencode4          <none>
pn  libtss2-esys-3.0.2-0  <none>
pn  libtss2-mu0           <none>
pn  libtss2-rc0           <none>
pn  polkitd | policykit-1 <none>
pn  systemd-boot          <none>
pn  systemd-container     <none>
pn  systemd-homed         <none>
pn  systemd-resolved      <none>
pn  systemd-userdbd       <none>

Versions of packages systemd is related to:
ii  dbus-user-session  1.14.10-1~deb12u1
pn  dracut             <none>
ii  initramfs-tools    0.142
ii  libnss-systemd     252.17-1~deb12u1
ii  libpam-systemd     252.17-1~deb12u1
ii  udev               252.17-1~deb12u1

-- Configuration Files:
/etc/systemd/journald.conf changed [not included]
/etc/systemd/system.conf changed [not included]

-- no debconf information