Re: [pkg-apparmor] Bug#1050256: autopkgtest fails on debci
- To: 1050256@bugs.debian.org, Debian Kernel Team <debian-kernel@lists.debian.org>
- Cc: John Johansen <john.johansen@canonical.com>, Mathias Gibbens <gibmat@debian.org>
- Subject: Re: [pkg-apparmor] Bug#1050256: autopkgtest fails on debci
- From: intrigeri <intrigeri@debian.org>
- Date: Sun, 17 Sep 2023 12:01:37 +0530
- Message-id: <87pm2hpaye.fsf@manticora>
- In-reply-to: <5281e65f-a83e-4d5f-abbd-d7993c95d779@debian.org>
- References: <169271330498.34427.2191706613553030083.reportbug@pluto.milchstrasse.xx> <5918c126-ff0e-beb9-5bdb-6adf04a5a309@canonical.com> <21e4922cccbb76800cc0b851ced5b3bf43456225.camel@debian.org> <a398ae1a-5fd4-4463-b4e6-bde7fb6c2380@debian.org> <169271330498.34427.2191706613553030083.reportbug@pluto.milchstrasse.xx> <835dbeb1-ca5f-9a89-c54b-58f60e7188c4@canonical.com> <87o7ibbkrl.fsf@manticora> <5281e65f-a83e-4d5f-abbd-d7993c95d779@debian.org>
Control: reassign -1 src:linux
Control: retitle -1 AppArmor breaks locking non-fs Unix sockets
Control: affects -1 src:apparmor src:lxc src:systemd src:pdns src:policykit-1
Control: found -1 6.1.38-1
Control: found -1 6.1.38-2
Control: notfound -1 6.3.1-1~exp1

Hi Debian Kernel Team,

In the last month or so, a number of people from various Debian teams
and other distributions have been tracking down a regression that
affects systems upgraded to Bookworm: services that use certain
systemd facilities such as PrivateNetwork=yes fail to start in LXC/LXD
containers. Among other things, this breaks the autopkgtests of many
packages, such as systemd, on ci.debian.net (#1050256). This was
tracked down to a kernel regression, for which a fix landed in Linux
6.2:

  1cf26c3d2c4c apparmor: fix apparmor mediating locking non-fs unix sockets

Work is ongoing to backport the fix to linux-stable/linux-6.1.y.
I'm Cc'ing John and Mathias who have been working on this.

FYI, ideally this would be fixed in the upcoming Bookworm
point-release (12.2, early October).

Current workarounds:

- ci.debian.net was upgraded to the bookworm-backports kernel
- various package maintainers have added workarounds such as disabling
  PrivateNetwork=yes for autopkgtests

Cheers,
--
intrigeri