Custom kernel error on readlinkat() in mount namespace

I strongly suspect this is related to AppArmor more than to anything else. We’ve seen some changing behaviour in this area that results in exactly this issue, readlink /proc/1/ns/mnt being denied. To be certain, we need to see the denial run question and check how the upstream kernel treats that operation. Once we have this information, we can discuss with the security team where (probably) jj might pinpoint the missing patch.
