Package: systemd
Version: 252.17-1~deb12u1
Severity: important

Dear Maintainer,

* What led up to the situation?

Fedora39 running as host, Debian Bookworm container is started via podman.
Packages systemd and redis get installed in the container, then trying to
start redis via 'systemctl start redis' fails.
'journalctl -xeu redis-server.service' says:
```
(s-server)[66]: Failed to mount /run/systemd/inaccessible/reg to /run/systemd/unit-root/proc/kallsyms: Permission denied
(s-server)[66]: redis-server.service: Failed to set up mount namespacing: /run/systemd/unit-root/proc/kallsyms: Permission denied
(s-server)[66]: redis-server.service: Failed at step NAMESPACE spawning /usr/bin/redis-server: Permission denied
```

* What exactly did you do (or not do) that was effective (or
  ineffective)?

Using a Debian trixie container, the issue does not appear.
I see this on both amd64 and aarch64 architecture.
I think everybody trying to run redis in a Bookworm 
container will hit this issue.

* Reproducer
To be executed on a Fedora39 system, as user:
```
sudo dnf -y install podman
mkdir -p ~/repro/build-bookworm
cat >~/repro/build-bookworm/Containerfile<<EOT
FROM docker.io/library/debian:bookworm
ENV DEBIAN_FRONTEND noninteractive
RUN apt update && apt upgrade -y && \
        apt install -y systemd redis
CMD [ "/lib/systemd/systemd" ]
EOT

cd ~/repro
podman build -t repro build-bookworm/
podman run --name repro -d --security-opt seccomp=unconfined \
        localhost/repro /lib/systemd/systemd
podman exec -it repro bash
# now to be executed in the container's shell that opened
systemctl start redis
```


-- Package-specific info:

-- System Information:
Debian Release: 12.2
  APT prefers stable-security
  APT policy: (810, 'stable-security'), (810, 'stable'), (809, 'proposed-updates'), (500, 'stable-debug')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-13-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages systemd depends on:
ii  libacl1            2.3.1-3
ii  libaudit1          1:3.0.9-1
ii  libblkid1          2.38.1-5+b1
ii  libc6              2.36-9+deb12u3
ii  libcap2            1:2.66-4
ii  libcryptsetup12    2:2.6.1-4~deb12u1
ii  libfdisk1          2.38.1-5+b1
ii  libgcrypt20        1.10.1-3
ii  libkmod2           30+20221128-1
ii  liblz4-1           1.9.4-1
ii  liblzma5           5.4.1-0.2
ii  libmount1          2.38.1-5+b1
ii  libp11-kit0        0.24.1-2
ii  libseccomp2        2.5.4-1+b3
ii  libselinux1        3.4-1+b6
ii  libssl3            3.0.11-1~deb12u2
ii  libsystemd-shared  252.17-1~deb12u1
ii  libsystemd0        252.17-1~deb12u1
ii  libzstd1           1.5.4+dfsg2-5
ii  mount              2.38.1-5+b1

Versions of packages systemd recommends:
ii  chrony [time-daemon]            4.3-2+deb12u1
ii  dbus [default-dbus-system-bus]  1.14.10-1~deb12u1

Versions of packages systemd suggests:
ii  libfido2-1             1.12.0-2+b1
pn  libqrencode4           <none>
pn  libtss2-esys-3.0.2-0   <none>
pn  libtss2-mu0            <none>
pn  libtss2-rc0            <none>
pn  polkitd | policykit-1  <none>
pn  systemd-boot           <none>
pn  systemd-container      <none>
pn  systemd-homed          <none>
pn  systemd-resolved       <none>
pn  systemd-userdbd        <none>

Versions of packages systemd is related to:
ii  dbus-user-session  1.14.10-1~deb12u1
pn  dracut             <none>
ii  initramfs-tools    0.142
ii  libnss-systemd     252.17-1~deb12u1
ii  libpam-systemd     252.17-1~deb12u1
ii  udev               252.17-1~deb12u1

-- Configuration Files:
/etc/systemd/journald.conf changed [not included]
/etc/systemd/system.conf changed [not included]

-- no debconf information
