[libvirt-users] trouble after upgrading from 3.0.0 to 3.1.0

Michal Privoznik mprivozn at redhat.com
Wed Mar 15 09:00:46 UTC 2017


On 03/14/2017 05:03 PM, Michael Ströder wrote:
> Michal Privoznik wrote:
>> On 03/14/2017 10:51 AM, Michael Ströder wrote:
>>> Hi!
>>>
>>> After the last OS update (openSUSE Tumbleweed) with libvirt being updated from 3.0.0 to
>>> 3.1.0 starting the VMs (qemu-kvm) does not work anymore:
>>>
>>> error: internal error: child reported: Kernel does not provide mount namespace:
>>> Permission denied
>>
>> Hey, this is definitely a libvirt bug. Since 3.1.0 libvirt spawns each
>> qemu in its own mount namespace so that it can have private /dev mount.
>> I've heard that there are some issues with AppArmor - is that what you
>> are using?
> 
> Hmm, yes. I was using AppArmor. Disabling it helped. I will point the author of the
> AppArmor profiles in this direction.

Yeah, I still know that AppArmor is preventing our namespaces code from
working properly. Unfortunately, I don't know much about it, and
certainly not enough to fix it. But maybe I can find somebody who does.

> 
>> Meanwhile, you can disable namespaces by setting:
>>
>>   namespaces=[]
>>
>> in qemu.conf.
> 
> Only setting this did not help.

Have you restarted libvirtd afterwards? Maybe I should have written that
explicitly instead of assuming it. Also, this is meant as a temporary
workaround. Disabling namespaces does not enable the full security
features. Ideally, users would use namespaces without even noticing it.

Michal
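
An added example, not part of the original message and not libvirt code: a shell check for finding hosts where the temporary namespaces=[] workaround described above is still set in qemu.conf (usually /etc/libvirt/qemu.conf). The function names, the single-line assumption and the conservative handling of duplicate assignments are choices of this example.

```shell
#!/bin/sh
# Added example (not libvirt code): report how a qemu.conf sets "namespaces".
# Prints: default   no uncommented assignment, libvirt's built-in behaviour applies
#         enabled   every uncommented assignment lists "mount"
#         disabled  some assignment omits "mount", e.g. the namespaces=[] workaround
# Assumption: each assignment sits on a single line, as in the message above.
qemu_mount_ns_state() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    # Keep uncommented "namespaces = ..." lines; drop trailing comments and blanks.
    vals=$(sed -n 's/^[[:space:]]*namespaces[[:space:]]*=\([^#]*\).*$/\1/p' "$conf" \
           | tr -d ' \t')
    [ -n "$vals" ] || { echo default; return 0; }
    # Conservative: with duplicate assignments, flag the file if any omits "mount".
    if printf '%s\n' "$vals" | grep -Eqv "[\"']mount[\"']"; then
        echo disabled
    else
        echo enabled
    fi
}

# Constructed sample input so the example runs offline.
demo() {
    f=$(mktemp)
    printf '%s\n' '#namespaces = [ "mount" ]' '  namespaces=[]   # temporary' > "$f"
    qemu_mount_ns_state "$f"
    rm -f "$f"
}

demo
```

A result of "disabled" means the workaround is still in the file; as the message notes, a changed qemu.conf only takes effect after libvirtd is restarted.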



