[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt-users] trouble after upgrading from 3.0.0 to 3.1.0



On 03/14/2017 05:03 PM, Michael Ströder wrote:
> Michal Privoznik wrote:
>> On 03/14/2017 10:51 AM, Michael Ströder wrote:
>>> HI!
>>>
>>> After the last OS update (openSUSE Tumbleweed) with libvirt being updated from 3.0.0 to
>>> 3.1.0 starting the VMs (qemu-kvm) does not work anymore:
>>>
>>> error: internal error: child reported: Kernel does not provide mount namespace:
>>> Permission denied
>>
>> Hey, this is definitely a libvirt bug. Since 3.1.0 libvirt spawns each
>> qemu in its own mount namespace so that it can have private /dev mount.
>> I've heard that there are some issues with AppArmor - is that what are
>> you using?
> 
> Hmm, yes. I was using AppArmor. Disabling it helped. I will point the author of the
> AppArmor profiles in this direction.

Yeah, I still know that AppArmor is preventing our namespaces code from
working properly. Unfortunately, I don't know much about it, and
certainly not enough to fix it. But maybe I can find somebody who does.

> 
>> Meanwhile, you can disable namespaces by setting:
>>
>>   namespaces=[]
>>
>> in qemu.conf.
> 
> Only setting this did not help.

Have you restarted libvirtd afterwards? Maybe I should have written that
explicitly instead of assuming it. Also, this is meant as a temporary
workaround. Disabling namespaces does not enable the full security
features. Ideally, users would use namespaces without even noticing it.

Michal


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]