On Sun, 25 Apr 2021 at 08:11:48 +0200, Paul Gevers wrote: > On 25-04-2021 01:55, Aurelien Jarno wrote: > > It appears that all the failures are related to containers. I have been > > able to reproduce the issue with a bullseye kernel, which defaults to > > kernel.unprivileged_userns_clone=1. It seems the autopkgtest runners > > still use a buster kernel (at least in the case of this build log). > > That's correct, all workers run stable except s390x. > > > Could it be that kernel.unprivileged_userns_clone is enabled on some of > > the runners? > > If I want to make our workers equal, I guess > changing them all to the default sounds sane, right? Do you know if the > default is different for buster and bullseye?
The default was kernel.unprivileged_userns_clone=0 in buster kernels and was switched to kernel.unprivileged_userns_clone=1 in bullseye kernels. References: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898446 https://salsa.debian.org/kernel-team/linux/-/commit/a381917851e762684ebe28e04c5ae0d8be7f42c7 If you want a quick way to get consistent behaviour, installing the bubblewrap package from bullseye (but not buster-backports!) installs a sysctl.d fragment to set kernel.unprivileged_userns_clone=1 even on older kernels. smcv
