Permission denied while pasta tries to open network namespace about podman HOT 3 CLOSED

It is a issue with pasta (passt), most likely apparmor blocking access when you are on debian. You should check the audit.log to confirm. Or disable apparmor.
I don't know how you installed this as debian stable doesn't ship these updates but please check the installed apparmor policy.

from podman.

It is a issue with pasta (passt), most likely apparmor blocking access when you are on debian. You should check the audit.log to confirm. Or disable apparmor.

Yeah, there is a log in the journal: AVC apparmor="DENIED" operation="open" profile="passt" name="/run/user/1000/netns/netns-fc48cae4-8a15-67d8-f96d-f2e683d49dc5" pid=2292 comm="passt.avx2" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

Thanks. Disable passt profile did it: apparmor_parser -R /etc/apparmor.d/usr.bin.passt

Or defining this rules in the usr.bin.passt profile did it as well:

@{run}/user/1000/** wr,
/dev/net/tun wr,

But I am not familiar with apparmor rules and if this are the most restricted and minimalist rules?!

I don't know how you installed this as debian stable doesn't ship these updates but please check the installed apparmor policy.

They are installed by another repository, where these versions come from.

from podman.

You should check your installed profile. pasta ships a working profile upstream https://passt.top/passt/tree/contrib/apparmor/usr.bin.pasta so it is best to use that and if there are problems with that profile report them to the pasta maintainers.

from podman.