From 1e1f82420d7f57fd628f738f28d6e1370a53a3c6 Mon Sep 17 00:00:00 2001
From: Alice Frosi <afrosi@redhat.com>
Date: Tue, 9 Jun 2026 08:17:07 +0000
Subject: [PATCH 1/3] CI: pin systemd to 255.4-1ubuntu8.15 to test KVM
 regression

The systemd 255.4-1ubuntu8.16 update from noble-updates breaks
/dev/kvm passthrough into podman containers. Pin to .15 to verify
this is the root cause before filing an upstream issue.

Assisted-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 .github/workflows/integration-tests.yml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/integration-tests.yml b/.github/workflows/integration-tests.yml
index 50920d8..e67e4e2 100644
--- a/.github/workflows/integration-tests.yml
+++ b/.github/workflows/integration-tests.yml
@@ -65,7 +65,12 @@ jobs:
             libgpgme-dev \
             libbtrfs-dev \
             libdevmapper-dev \
-            pkg-config
+            pkg-config \
+            systemd=255.4-1ubuntu8.15 \
+            libsystemd0=255.4-1ubuntu8.15 \
+            libsystemd-shared=255.4-1ubuntu8.15 \
+            libudev1=255.4-1ubuntu8.15 \
+            udev=255.4-1ubuntu8.15
 
       - name: Configure Podman
         run: |

From 1a7aa5794add419a9aca55da932d53ca1d12a7fb Mon Sep 17 00:00:00 2001
From: Alice Frosi <afrosi@redhat.com>
Date: Tue, 9 Jun 2026 08:21:10 +0000
Subject: [PATCH 2/3] CI: pin all systemd-related packages to avoid .16 upgrade

Pin libudev-dev and other systemd reverse dependencies to .15 to
prevent apt from pulling in .16 transitively.

Assisted-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 .github/workflows/integration-tests.yml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/.github/workflows/integration-tests.yml b/.github/workflows/integration-tests.yml
index e67e4e2..e6684bb 100644
--- a/.github/workflows/integration-tests.yml
+++ b/.github/workflows/integration-tests.yml
@@ -67,9 +67,16 @@ jobs:
             libdevmapper-dev \
             pkg-config \
             systemd=255.4-1ubuntu8.15 \
+            systemd-dev=255.4-1ubuntu8.15 \
+            systemd-resolved=255.4-1ubuntu8.15 \
+            systemd-sysv=255.4-1ubuntu8.15 \
+            systemd-coredump=255.4-1ubuntu8.15 \
             libsystemd0=255.4-1ubuntu8.15 \
             libsystemd-shared=255.4-1ubuntu8.15 \
             libudev1=255.4-1ubuntu8.15 \
+            libudev-dev=255.4-1ubuntu8.15 \
+            libnss-systemd=255.4-1ubuntu8.15 \
+            libpam-systemd=255.4-1ubuntu8.15 \
             udev=255.4-1ubuntu8.15
 
       - name: Configure Podman

From 3a365f42e0a7382c1a078c92b9d01cdb729f68c8 Mon Sep 17 00:00:00 2001
From: Alice Frosi <afrosi@redhat.com>
Date: Tue, 9 Jun 2026 08:24:02 +0000
Subject: [PATCH 3/3] CI: move KVM setup after apt-get to survive udev upgrade

The systemd 255.4-1ubuntu8.16 upgrade resets /dev/kvm permissions.
Move chmod 666 /dev/kvm after the package install step so it runs
after any udev changes take effect.

Assisted-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 .github/workflows/integration-tests.yml | 25 +++++++------------------
 1 file changed, 7 insertions(+), 18 deletions(-)

diff --git a/.github/workflows/integration-tests.yml b/.github/workflows/integration-tests.yml
index e6684bb..889403b 100644
--- a/.github/workflows/integration-tests.yml
+++ b/.github/workflows/integration-tests.yml
@@ -29,11 +29,6 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v4
 
-      - name: Set up KVM
-        run: |
-          sudo chmod 666 /dev/kvm
-          ls -la /dev/kvm
-
       - name: Configure kernel for nested containers
         run: |
           # Unload all AppArmor profiles from the kernel.
@@ -65,19 +60,13 @@ jobs:
             libgpgme-dev \
             libbtrfs-dev \
             libdevmapper-dev \
-            pkg-config \
-            systemd=255.4-1ubuntu8.15 \
-            systemd-dev=255.4-1ubuntu8.15 \
-            systemd-resolved=255.4-1ubuntu8.15 \
-            systemd-sysv=255.4-1ubuntu8.15 \
-            systemd-coredump=255.4-1ubuntu8.15 \
-            libsystemd0=255.4-1ubuntu8.15 \
-            libsystemd-shared=255.4-1ubuntu8.15 \
-            libudev1=255.4-1ubuntu8.15 \
-            libudev-dev=255.4-1ubuntu8.15 \
-            libnss-systemd=255.4-1ubuntu8.15 \
-            libpam-systemd=255.4-1ubuntu8.15 \
-            udev=255.4-1ubuntu8.15
+            pkg-config
+
+      - name: Set up KVM
+        run: |
+          # Re-apply after apt-get which may upgrade udev and reset device permissions
+          sudo chmod 666 /dev/kvm
+          ls -la /dev/kvm
 
       - name: Configure Podman
         run: |