Control: forwarded -1 https://github.com/systemd/systemd/issues/35311
Control: tags -1 upstream fixed-upstream
Control: affects -1 hardening-runtime
Control: severity -1 important
Justification: is very likely to make hardened systems—these often being remote servers—unreachable or mostly so

I've been bitten by this: my VPS was mostly unreachable since OpenSSH and other critical services failed to start, so I had to use an escape hatch offered by my hosting provider. I had the hardening-runtime package installed, which disables user namespacing out-of-the-box. That triggers this esoteric issue in systemd that's been introduced in the new version. This issue was only reported upstream a few days ago. As a workaround, commenting out the line in the file installed by hardening-runtime, or simply removing hardening-runtime, can permit services to work again. In particular, if you're able to remotely access the file system but not access the shell, simply deleting or changing this file and triggering a reboot can get you back in.