Hi,

On Thu, Nov 28, 2024 at 03:35:21PM +0100, Harald Dunkel wrote:
> Hi Salvatore,
>
> you missed the point: needrestart must *not* restart LXC containers,
> even if it is not a false positive. There is a high risk for data
> corruption.
>
> needrestart doesn't have sufficient information how the container was
> started in the first place. This is unlike docker, for example.

Maybe this is the case that I missed the point, but I believe upstream
is trying to handle the regression from the CVE-2024-48991 fix in
https://github.com/liske/needrestart/issues/317 .

If we still have a regression from 3.7-3 to 3.7-3.1 and still up to
3.7-3.2 then we need to bring that up to upstream. Do you have a
(ideally minimal, but if that's not possible then as good as possible)
test case which can be brought up to upstream?

I would like to see things stabilizing in unstable first before I do
the regression fixes in bookworm and bullseye.

Thank you,

Regards,
Salvatore

