X-Debbugs-CC: Andrea Bolognani <[email protected]> On Tue, 6 Jan 2026 22:45:06 +0100 (CET) Niklas Edmundsson <[email protected]> wrote:
> The exact command I ran as root was: Oops, I missed this detail. Running virt-install as root means libvirtd will run as root and, in turn, passt will run under a subprofile of libvirtd's policy. The ABI version that applies in this case is the one from libvirt's policy, 4.0. If virt-install runs as regular user instead (what I more routinely test and regularly use), passt will run under its own profile, because of: https://passt.top/passt/commit/?id=f66769c2de82550ac1ee2548960c09a4b052341f and in that case the ABI version is 3.0, so user namespace creation is implicitly allowed. I just sent an upstream patch for passt which upgrades the ABI version to 4.0 and explicitly allows creation of user namespace: https://archives.passt.top/passt-dev/[email protected]/ and I'll take care of backporting it to trixie eventually, as it's a quite fundamental breakage. -- Stefano
