On Mon, 05 Aug 2024 at 00:43:06 +0100, Simon McVittie wrote: > A sid lxc container in a bookworm VM (built with a-b-lxc from bookworm) > doesn't currently start up at all for me
I reported that separately, as #1078165. After resolving that by using autopkgtest(-virt-lxc) from bookworm-backports, I cannot reproduce the accountsservice test failure (in a sid lxc container on bookworm, built with a-b-lxc from bookworm). accountsservice's relationship with policykit-1, combined with the timing of Paul's bug report, makes me think that this could be #1050256 "AppArmor breaks locking non-fs Unix sockets" and its symptom #1042880 "systemd: service with PrivateNetwork=yes fails inside lxc container on bookworm". We now have at least two workarounds for those: as per <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050256#264>, systemd falls back from PrivateNetwork=yes to PrivateNetwork=no if necessary; and policykit-1 is also patched to turn off PrivateNetwork=yes (which can probably be reverted, now that systemd has a workaround). So I think that theory is consistent with why sid's accountsservice now passes its autopkgtest when run in lxc on bookworm. The test failure I saw under a-v-podman is concerning, but probably ought to be a separate bug report - and probably non-RC, since Debian's production infrastructure is currently based on a-v-lxc (and ideally a-v-qemu) only? smcv
