[Libguestfs] [libguestfs PATCH v2 0/7] lib: support networking with passt

Richard W.M. Jones rjones at redhat.com
Thu Jul 20 12:18:49 UTC 2023 

On Thu, Jul 20, 2023 at 11:45:11AM +0100, Richard W.M. Jones wrote:
> So I get this error with upstream libguestfs:
> 
>   Original error from libvirt: internal error: Child process (/usr/bin/passt --one-off --socket /run/user/1000/libvirt/qemu/run/passt/160-guestfs-s42xm02n9vqv-net0.socket --mac-addr 52:54:00:3d:ce:ce --pid /run/user/1000/libvirt/qemu/run/passt/160-guestfs-s42xm02n9vqv-net0-passt.pid --address 169.254.2.15 --netmask 16) unexpected exit status 1: Couldn't create user namespace: Permission denied
> 
> The error is reproducible simply by enabling the network, eg:
> 
>   $ ./run virt-rescue --network --scratch
>   Formatting '/home/rjones/d/libguestfs/tmp/libguestfsceCpVM/overlay2.qcow2', fmt=qcow2 cluster_size=65536 extended_l2=off compression_type=zlib size=4294967296 backing_file=/home/rjones/d/libguestfs/tmp/.guestfs-1000/appliance.d/root backing_fmt=raw lazy_refcounts=off refcount_bits=16
>   libguestfs: error: could not create appliance through libvirt.
> 
>   Try running qemu directly without libvirt using this environment variable:
>   export LIBGUESTFS_BACKEND=direct
> 
>   Original error from libvirt: internal error: Child process (/usr/bin/passt --one-off --socket /run/user/1000/libvirt/qemu/run/passt/1-guestfs-5t3jzdetn416-net0.socket --mac-addr 52:54:00:30:df:35 --pid /run/user/1000/libvirt/qemu/run/passt/1-guestfs-5t3jzdetn416-net0-passt.pid --address 169.254.2.15 --netmask 16) unexpected exit status 1: Couldn't create user namespace: Permission denied
>    [code=1 int1=-1]
> 
> (This also happens with the direct backend, same error)
> 
> Is this a known thing?  I have the latest libvirt & passt from Fedora
> Rawhide:
> 
>   libvirt-daemon-9.5.0-1.fc39.x86_64
>   passt-0^20230627.g289301b-1.fc39.x86_64

Thanks to Stefano for helping to debug this.  It turns out it's an
SELinux problem (unshare CLONE_NEWUSER is denied).  An updated
passt-selinux should fix this eventually.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-builder quickly builds VMs from scratch
http://libguestfs.org/virt-builder.1.html

More information about the Libguestfs mailing list