Closed
Description
systemd version the issue has been seen with
256.5-1
Used distribution
Arch Linux
Linux kernel version used
6.10.7
CPU architectures issue was seen on
x86_64
Component
systemd-nspawn
Expected behaviour you didn't see
0 crw-rw-rw- 1 root root 10, 200 Sep 3 21:10 /dev/net/tun
Unexpected behaviour you saw
0 crw-rw-rw- 1 vu-container-0 vg-container-0 10, 200 Sep 3 21:10 /dev/net/tun
Every time you start a container, the /dev/net/tun
device gets the ownership of the unprivileged user (root) from the container. You then have to manually chown root: /dev/net/tun
to make /dev/net/tun work, for example with qemu. This does not happen with other devices, for example /dev/dri/card0.
Steps to reproduce the problem
Create nspawn file: /etc/systemd/nspawn/container.nspawn
[Exec]
Ephemeral=on
Boot=yes
NoNewPrivileges=yes
PrivateUsers=pick
Hostname=container
[Network]
Private=yes
VirtualEthernet=yes
Start via systemctl start systemd-nspawn@container
Additional program output to the terminal or log subsystem illustrating the issue
No response
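As an added check for the behaviour reported above (example code written for this page, not part of the issue or of systemd): it decides whether a host device node's owner UID lies inside a container's user-namespace UID range, which is what the vu-container-0 owner on /dev/net/tun means under PrivateUsers=pick. The uid_map contents are a constructed sample, and the machinectl invocation in the usage comment is an assumption about the CLI.

```shell
#!/bin/sh
# Added example, not from the issue or systemd: report whether a device node on
# the host is owned by a UID that nspawn mapped into the container (PrivateUsers=pick),
# i.e. whether it has been chowned to a vu-<machine>-<n> user instead of root.
# uid_map lines follow the kernel's /proc/<pid>/uid_map: "<inside> <outside> <count>".

# in_uid_map UID UID_MAP_TEXT -> exit 0 if UID falls inside any mapped range
in_uid_map() {
    uid=$1
    printf '%s\n' "$2" | awk -v uid="$uid" '
        NF == 3 && uid >= $2 && uid < $2 + $3 { found = 1 }
        END { exit found ? 0 : 1 }'
}

# check_device_owner PATH UID_MAP_TEXT -> exit 1 if the owner is a container UID,
# 0 if it is a host UID (e.g. root), 2 if the node cannot be stat'ed
check_device_owner() {
    dev=$1
    owner=$(stat -c '%u' "$dev") || return 2
    if in_uid_map "$owner" "$2"; then
        echo "$dev: owner uid $owner is inside the container's UID range (chowned by nspawn)"
        return 1
    fi
    echo "$dev: owner uid $owner is outside the container's UID range"
    return 0
}

# Constructed sample: a 65536-UID range as nspawn picks it for "container";
# the host name vu-container-0 corresponds to the first UID of such a range.
SAMPLE_UID_MAP='         0 1879048192      65536'

# Usage on a live host (as root; assumes "machinectl show -p Leader --value" prints the leader PID):
#   check_device_owner /dev/net/tun "$(cat /proc/$(machinectl show -p Leader --value container)/uid_map)"
```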