Bug#908362: VMs fail to start with "Kernel does not provide mount namespace: Permission denied"

Sat, 08 Sep 2018 20:03:18 -0700 

Package: libvirt-daemon-system
Version: 4.6.0-2
Severity: grave

Hi,

with the kernel update to 4.18, I'm no longer able to start any VMs via
libvirt/virt-manager. I get the following error:

Error starting domain: internal error: child reported: Kernel does not provide 
mount namespace: Permission denied

Traceback (most recent call last):
  File "/usr/share/virt-manager/virtManager/asyncjob.py", line 89, in cb_wrapper
    callback(asyncjob, *args, **kwargs)
  File "/usr/share/virt-manager/virtManager/asyncjob.py", line 125, in tmpcb
    callback(*args, **kwargs)
  File "/usr/share/virt-manager/virtManager/libvirtobject.py", line 82, in newfn
    ret = fn(self, *args, **kwargs)
  File "/usr/share/virt-manager/virtManager/domain.py", line 1508, in startup
    self._backend.create()
  File "/usr/lib/python2.7/dist-packages/libvirt.py", line 1080, in create
    if ret == -1: raise libvirtError ('virDomainCreate() failed', dom=self)
libvirtError: internal error: child reported: Kernel does not provide mount 
namespace: Permission denied

If I disable AppArmor, I can successfully start the VMs.
Since AppArmor is enabled by default, I think the RC severity is
justified.
I've CCed the AppArmor maintainers, as I'm not sure if this is a bug in
this package or apparmor. Please reassign if necessary.

Regards,
Michael


-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (200, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.18.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libvirt-daemon-system depends on:
ii  adduser                3.117
ii  debconf [debconf-2.0]  1.5.69
ii  firewalld              0.6.1-2
ii  gettext-base           0.19.8.1-7
ii  iptables               1.6.2-1.1
ii  libacl1                2.2.52-3+b1
ii  libapparmor1           2.13-8
ii  libaudit1              1:2.8.4-2
ii  libblkid1              2.32.1-0.1
ii  libc6                  2.27-6
ii  libcap-ng0             0.7.9-1
ii  libdbus-1-3            1.12.10-1
ii  libdevmapper1.02.1     2:1.02.145-4.1
ii  libgnutls30            3.5.19-1
ii  libnl-3-200            3.4.0-1
ii  libnl-route-3-200      3.4.0-1
ii  libnuma1               2.0.12-1
ii  libselinux1            2.8-1+b1
ii  libvirt-clients        4.6.0-2
ii  libvirt-daemon         4.6.0-2
ii  libvirt0               4.6.0-2
ii  libxml2                2.9.4+dfsg1-7+b1
ii  libyajl2               2.1.0-2+b3
ii  logrotate              3.14.0-4
ii  lsb-base               9.20170808
ii  policykit-1            0.105-21

Versions of packages libvirt-daemon-system recommends:
ii  bridge-utils                 1.5-16
ii  dmidecode                    3.1-2
ii  dnsmasq-base [dnsmasq-base]  2.79-1
ii  ebtables                     2.0.10.4-5
ii  iproute2                     4.18.0-2
ii  parted                       3.2-21+b1

Versions of packages libvirt-daemon-system suggests:
ii  apparmor    2.13-8
pn  auditd      <none>
ii  nfs-common  1:1.3.4-2.2
pn  open-iscsi  <none>
pn  pm-utils    <none>
pn  radvd       <none>
ii  systemd     239-8
pn  systemtap   <none>
pn  zfsutils    <none>

-- Configuration Files:
/etc/libvirt/nwfilter/allow-arp.xml [Errno 13] Keine Berechtigung: 
'/etc/libvirt/nwfilter/allow-arp.xml'
/etc/libvirt/nwfilter/allow-dhcp-server.xml [Errno 13] Keine Berechtigung: 
'/etc/libvirt/nwfilter/allow-dhcp-server.xml'
/etc/libvirt/nwfilter/allow-dhcp.xml [Errno 13] Keine Berechtigung: 
'/etc/libvirt/nwfilter/allow-dhcp.xml'
/etc/libvirt/nwfilter/allow-incoming-ipv4.xml [Errno 13] Keine Berechtigung: 
'/etc/libvirt/nwfilter/allow-incoming-ipv4.xml'
/etc/libvirt/nwfilter/allow-ipv4.xml [Errno 13] Keine Berechtigung: 
'/etc/libvirt/nwfilter/allow-ipv4.xml'
/etc/libvirt/nwfilter/clean-traffic-gateway.xml [Errno 13] Keine Berechtigung: 
'/etc/libvirt/nwfilter/clean-traffic-gateway.xml'
/etc/libvirt/nwfilter/clean-traffic.xml [Errno 13] Keine Berechtigung: 
'/etc/libvirt/nwfilter/clean-traffic.xml'
/etc/libvirt/nwfilter/no-arp-ip-spoofing.xml [Errno 13] Keine Berechtigung: 
'/etc/libvirt/nwfilter/no-arp-ip-spoofing.xml'
/etc/libvirt/nwfilter/no-arp-mac-spoofing.xml [Errno 13] Keine Berechtigung: 
'/etc/libvirt/nwfilter/no-arp-mac-spoofing.xml'
/etc/libvirt/nwfilter/no-arp-spoofing.xml [Errno 13] Keine Berechtigung: 
'/etc/libvirt/nwfilter/no-arp-spoofing.xml'
/etc/libvirt/nwfilter/no-ip-multicast.xml [Errno 13] Keine Berechtigung: 
'/etc/libvirt/nwfilter/no-ip-multicast.xml'
/etc/libvirt/nwfilter/no-ip-spoofing.xml [Errno 13] Keine Berechtigung: 
'/etc/libvirt/nwfilter/no-ip-spoofing.xml'
/etc/libvirt/nwfilter/no-mac-broadcast.xml [Errno 13] Keine Berechtigung: 
'/etc/libvirt/nwfilter/no-mac-broadcast.xml'
/etc/libvirt/nwfilter/no-mac-spoofing.xml [Errno 13] Keine Berechtigung: 
'/etc/libvirt/nwfilter/no-mac-spoofing.xml'
/etc/libvirt/nwfilter/no-other-l2-traffic.xml [Errno 13] Keine Berechtigung: 
'/etc/libvirt/nwfilter/no-other-l2-traffic.xml'
/etc/libvirt/nwfilter/no-other-rarp-traffic.xml [Errno 13] Keine Berechtigung: 
'/etc/libvirt/nwfilter/no-other-rarp-traffic.xml'
/etc/libvirt/nwfilter/qemu-announce-self-rarp.xml [Errno 13] Keine 
Berechtigung: '/etc/libvirt/nwfilter/qemu-announce-self-rarp.xml'
/etc/libvirt/nwfilter/qemu-announce-self.xml [Errno 13] Keine Berechtigung: 
'/etc/libvirt/nwfilter/qemu-announce-self.xml'
/etc/libvirt/qemu.conf [Errno 13] Keine Berechtigung: '/etc/libvirt/qemu.conf'
/etc/libvirt/qemu/networks/default.xml [Errno 13] Keine Berechtigung: 
'/etc/libvirt/qemu/networks/default.xml'

-- debconf information excluded

Reply via email to