Am 31.08.23 um 08:41 schrieb Michael Biebl:
On Tue, 22 Aug 2023 16:08:24 +0200 Michael Biebl <bi...@debian.org> wrote:Source: systemd Version: 254.1-2 Severity: importantLooking at https://ci.debian.net/packages/s/systemd/unstable/amd64/ , systemd has been failing on debci since about the beginning of May. Asking around on #debci, this might be kernel related, as the debci related systems were upgraded to bookworm around that time.What we found so far is, that the AppArmor policy of lxc breaks any systemd service using PrivateNetwork=yes or PrivateIPC=yes when being run under lxc (running under bookworm using the bookworm kernel).I wonder what the best course of action is here.Should we disable the AA policy of lxc via a stable upload of the lxc package until the root cause is found?Unfortunately I know too little about AppArmor and lxc's AppArmor policy and my attempts to ask around for help weren't successful so far.
I.e. by setting `lxc.apparmor.profile = unconfined` in /etc/lxc/default.conf and regenerating the autopkgtest container on bookworm, the failures are gone.
OpenPGP_signature.asc
Description: OpenPGP digital signature