To reduce the problem, I added this patch in salsa to tell needrestart to not restart the opensnitch service by default. It will still restart when opensnitch is upgraded, but should not be proposed for a restart when other packages are installed or upgraded.
commit 99744c90b543f4300ed4cd881f6de3f2bb52926a Author: Petter Reinholdtsen <[email protected]> Date: Thu Apr 24 06:38:42 2025 +0200 Added needrestart conf to avoid opensnitch restarts. diff --git a/debian/no-opensnitch-restart.conf b/debian/no-opensnitch-restart.conf new file mode 100644 index 00000000..a9dbded1 --- /dev/null +++ b/debian/no-opensnitch-restart.conf @@ -0,0 +1,3 @@ +# tell needrestart to not touch opensnitch, to avoid reseting all TCP +# connection, see <URL: https://bugs.debian.org/1103496 >. +$nrconf{override_rc}{qr(^opensnitch)} = 0; diff --git a/debian/opensnitch.install b/debian/opensnitch.install index 751664cf..9463f48b 100644 --- a/debian/opensnitch.install +++ b/debian/opensnitch.install @@ -1,3 +1,4 @@ daemon/default-config.json etc/opensnitchd/ daemon/system-fw.json etc/opensnitchd/ #ebpf_prog/opensnitch.o etc/opensnitchd/ +debian/no-opensnitch-restart.conf etc/needrestart/conf.d/ -- Happy hacking Petter Reinholdtsen
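Review bot: In debian/no-opensnitch-restart.conf, the key `qr(^opensnitch)` is anchored only at the start, so the override applies to every service whose name begins with "opensnitch", not just the daemon. If only the daemon is meant, anchor the end of the pattern on the full unit name as well, or say in the comment that the prefix match is intentional. The comment itself has two typos ("reseting all TCP connection" should read "resetting all TCP connections"). It would also help to note there that this only stops needrestart from proposing a restart, since the mail says the service still restarts when opensnitch itself is upgraded.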

