Control: reassign -1 src:linux
Control: retitle -1 AppArmor breaks locking non-fs Unix sockets
Control: affects -1 src:apparmor src:lxc src:systemd src:pdns src:policykit-1
Control: found -1 6.1.38-1
Control: found -1 6.1.38-2
Control: notfound -1 6.3.1-1~exp1

Hi Debian Kernel Team,

In the last month or so, a number of people from various Debian teams and other distributions have been tracking down a regression that affects systems upgraded to Bookworm: services that use certain systemd facilities such as PrivateNetwork=yes fail to start in LXC/LXD containers.

Among other things, this breaks the autopkgtests of many packages, such as systemd, on ci.debian.net (#1050256).

This was tracked down to a kernel regression, for which a fix landed in Linux 6.2:

  1cf26c3d2c4c apparmor: fix apparmor mediating locking non-fs unix sockets

Work is ongoing to backport the fix to linux-stable/linux-6.1.y. I'm Cc'ing John and Mathias who have been working on this.

FYI, ideally this would be fixed in the upcoming Bookworm point-release (12.2, early October).

Current workarounds:

- ci.debian.net was upgraded to the bookworm-backports kernel
- various package maintainers have added workarounds such as disabling PrivateNetwork=yes for autopkgtests

Cheers,
--
intrigeri