Package: transmission-daemon
Version: 4.1.0~beta2+dfsg-3
Severity: normal

I've installed transmission-daemon in a freshly installed trixie
container on a freshly installed trixie host (armhf architecture, if
that's relevant).

After some minimal configuration (download directory, password,
rpc-whitelist), I've tried to restart the service and it failed with
status=226/NAMESPACE:

    # systemctl status transmission-daemon
    × transmission-daemon.service - Transmission BitTorrent Daemon
         Loaded: loaded (/usr/lib/systemd/system/transmission-daemon.service; enabled; preset: enabled)
         Active: failed (Result: exit-code) since Thu 2025-08-14 15:04:43 UTC; 9min ago
     Invocation: 264979fa46dc478c87d686a08c9d1e27
           Docs: man:transmission-daemon(1)
        Process: 426 ExecStart=/usr/bin/transmission-daemon -f --log-level=warning (code=exited, status=226/NAMESPACE)
       Main PID: 426 (code=exited, status=226/NAMESPACE)
       Mem peak: 1M
            CPU: 39ms

dmesg had the following AppArmor-related messages:

    [Thu Aug 14 14:06:27 2025] audit: type=1400 audit(1755180387.887:165): apparmor="DENIED" operation="mount" class="mount" info="failed flags match" error=-13 profile="lxc-container-default-cgns" name="/dev/hugepages/" pid=4264 comm="mount" flags="rw, move"
    [Thu Aug 14 14:06:27 2025] audit: type=1400 audit(1755180387.887:166): apparmor="DENIED" operation="mount" class="mount" info="failed flags match" error=-13 profile="lxc-container-default-cgns" name="/dev/mqueue/" pid=4265 comm="mount" flags="rw, move"
    [Thu Aug 14 14:06:27 2025] audit: type=1400 audit(1755180387.899:167): apparmor="DENIED" operation="mount" class="mount" info="failed flags match" error=-13 profile="lxc-container-default-cgns" name="/run/lock/" pid=4266 comm="mount" flags="rw, move"
    [Thu Aug 14 14:06:27 2025] audit: type=1400 audit(1755180387.919:168): apparmor="DENIED" operation="mount" class="mount" info="failed flags match" error=-13 profile="lxc-container-default-cgns" name="/tmp/" pid=4267 comm="mount" flags="rw, move"
    [Thu Aug 14 14:06:27 2025] audit: type=1400 audit(1755180387.927:169): apparmor="DENIED" operation="userns_create" class="namespace" profile="lxc-container-default-cgns" pid=4269 comm="(journald)" requested="userns_create" denied="userns_create"
    [Thu Aug 14 14:06:27 2025] audit: type=1400 audit(1755180387.927:170): apparmor="DENIED" operation="mount" class="mount" info="failed flags match" error=-13 profile="lxc-container-default-cgns" name="/dev/shm/" pid=4274 comm="(sd-mkdcreds)" flags="ro, nosuid, nodev, noexec, remount, nosymfollow, bind"
    [Thu Aug 14 14:06:27 2025] audit: type=1400 audit(1755180387.939:171): apparmor="DENIED" operation="mount" class="mount" info="failed flags match" error=-13 profile="lxc-container-default-cgns" name="/dev/shm/" pid=4275 comm="(sd-mkdcreds)" flags="ro, nosuid, nodev, noexec, remount, nosymfollow, bind"
    [Thu Aug 14 14:06:28 2025] audit: type=1400 audit(1755180387.947:172): apparmor="DENIED" operation="mount" class="mount" info="failed flags match" error=-13 profile="lxc-container-default-cgns" name="/dev/shm/" pid=4276 comm="(sd-mkdcreds)" flags="ro, nosuid, nodev, noexec, remount, nosymfollow, bind"
    [Thu Aug 14 14:06:28 2025] audit: type=1400 audit(1755180388.003:173): apparmor="DENIED" operation="userns_create" class="namespace" profile="lxc-container-default-cgns" pid=4277 comm="(journald)" requested="userns_create" denied="userns_create"
    [Thu Aug 14 14:06:28 2025] audit: type=1400 audit(1755180388.003:174): apparmor="DENIED" operation="mount" class="mount" info="failed flags match" error=-13 profile="lxc-container-default-cgns" name="/dev/shm/" pid=4280 comm="(sd-mkdcreds)" flags="ro, nosuid, nodev, noexec, remount, nosymfollow, bind"
    [Thu Aug 14 14:21:57 2025] kauditd_printk_skb: 18 callbacks suppressed
    [Thu Aug 14 14:21:57 2025] audit: type=1400 audit(1755181317.535:193): apparmor="DENIED" operation="mount" class="mount" info="failed flags match" error=-13 profile="lxc-container-default-cgns" name="/dev/shm/" pid=4579 comm="(sd-mkdcreds)" flags="ro, nosuid, nodev, noexec, remount, nosymfollow, bind"
    [Thu Aug 14 15:04:43 2025] audit: type=1400 audit(1755183883.058:194): apparmor="DENIED" operation="mount" class="mount" info="failed flags match" error=-13 profile="lxc-container-default-cgns" name="/tmp/" pid=5010 comm="mount" flags="rw, move"
    [Thu Aug 14 15:04:43 2025] audit: type=1400 audit(1755183883.134:195): apparmor="DENIED" operation="mount" class="mount" info="failed perms check" error=-13 profile="lxc-container-default-cgns" name="/run/systemd/mount-rootfs/" pid=5011 comm="(n-daemon)" srcname="/" flags="rw, rbind"

Running transmission-daemon directly from the command line with

    sudo -u debian-transmission /usr/bin/transmission-daemon -f --log-level=info

is working, so I suspect it's an interaction between the hardening
options in /usr/lib/systemd/system/transmission-daemon.service and the
container?

If the problem is that I'm missing some extra configuration because of
the container situation, would it be possible to document it in a
README.Debian in the usual place, please?

Thanks in advance
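
The following is an added example, not part of the original report: a small parser that lines up the AppArmor denials with the moment the unit failed, using records copied from the dmesg output above. The function names (`parse_record`, `denials_near`, `summarize`) are hypothetical, and the failure time passed in is the one shown by `systemctl status`.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Audit records copied from the dmesg output in the report above, with the
# mail line wrapping undone (one record per line).
SAMPLE = """\
[Thu Aug 14 14:06:27 2025] audit: type=1400 audit(1755180387.927:169): apparmor="DENIED" operation="userns_create" class="namespace" profile="lxc-container-default-cgns" pid=4269 comm="(journald)" requested="userns_create" denied="userns_create"
[Thu Aug 14 14:06:27 2025] audit: type=1400 audit(1755180387.927:170): apparmor="DENIED" operation="mount" class="mount" info="failed flags match" error=-13 profile="lxc-container-default-cgns" name="/dev/shm/" pid=4274 comm="(sd-mkdcreds)" flags="ro, nosuid, nodev, noexec, remount, nosymfollow, bind"
[Thu Aug 14 14:21:57 2025] audit: type=1400 audit(1755181317.535:193): apparmor="DENIED" operation="mount" class="mount" info="failed flags match" error=-13 profile="lxc-container-default-cgns" name="/dev/shm/" pid=4579 comm="(sd-mkdcreds)" flags="ro, nosuid, nodev, noexec, remount, nosymfollow, bind"
[Thu Aug 14 15:04:43 2025] audit: type=1400 audit(1755183883.058:194): apparmor="DENIED" operation="mount" class="mount" info="failed flags match" error=-13 profile="lxc-container-default-cgns" name="/tmp/" pid=5010 comm="mount" flags="rw, move"
[Thu Aug 14 15:04:43 2025] audit: type=1400 audit(1755183883.134:195): apparmor="DENIED" operation="mount" class="mount" info="failed perms check" error=-13 profile="lxc-container-default-cgns" name="/run/systemd/mount-rootfs/" pid=5011 comm="(n-daemon)" srcname="/" flags="rw, rbind"
"""

STAMP = re.compile(r"audit\((\d+\.\d+):(\d+)\)")      # epoch seconds : serial
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')      # key="quoted" or key=bare

def parse_record(line):
    """Return a dict for one AppArmor DENIED record, or None for other lines."""
    m = STAMP.search(line)
    if not m or 'apparmor="DENIED"' not in line:
        return None
    rec = {"epoch": float(m.group(1)), "serial": int(m.group(2))}
    for key, quoted, bare in FIELD.findall(line[m.end():]):
        rec[key] = quoted if quoted else bare
    return rec

def denials_near(text, when_utc, slack=2.0):
    """Denials whose audit timestamp is within `slack` seconds of when_utc."""
    t = datetime.strptime(when_utc, "%Y-%m-%d %H:%M:%S")
    t = t.replace(tzinfo=timezone.utc).timestamp()
    recs = filter(None, map(parse_record, text.splitlines()))
    return [r for r in recs if abs(r["epoch"] - t) <= slack]

def summarize(text):
    """Count denials per (operation, target, comm) to separate noise from signal."""
    recs = filter(None, map(parse_record, text.splitlines()))
    return Counter((r["operation"], r.get("name", "-"), r["comm"]) for r in recs)

if __name__ == "__main__":
    # "Active: failed ... since Thu 2025-08-14 15:04:43 UTC" from systemctl status
    for r in denials_near(SAMPLE, "2025-08-14 15:04:43"):
        print(r["serial"], r["comm"], r["operation"], r["name"], r["flags"])
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
```
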
