Hello Chris, Downstream didn't really do anything so far on this topic. I also can only reproduce this issue on Kernel 5.15 and higher.
I don't know whether setting / as ReadOnly directly or using ProtectSystem=strict along with PrivateDevices=true, ProtectKernelTunables=true and ProtectControlGroups=true is the more secure configuration. as for reproducing, I can reproduce it pretty consistently on LXC containers on new kernels, but not on 5.10 or 5.12. This is probably going to lead to a dead end Best Regards, Johannes

