http://bugzilla.opensuse.org/show_bug.cgi?id=1058847 Bug ID: 1058847 Summary: libvirt fails to start guest - error: Kernel does not provide mount namespace: Permission denied Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: AppArmor Assignee: suse-beta@cboltz.de Reporter: neyers@geod.uni-bonn.de QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- I updated my system yesterday evening and this morning and could not start my kvm/qemu virtual machines after. The following error appears in virsh:
virsh # connect qemu:///system
virsh # start opensuse42.3-desktop error: Failed to start domain opensuse42.3-desktop error: internal error: child reported: Kernel does not provide mount namespace: Permission denied
This also happens in: https://bugzilla.opensuse.org/show_bug.cgi?id=1045158 I checked /var/log/audit/audit.log for apparmor issues and found the following entries:
type=AVC msg=audit(1505466698.704:526): apparmor="DENIED" operation="ptrace" profile="/usr/sbin/libvirtd" pid=6293 comm="libvirtd" requested_mask="trace" denied_mask="trace" peer="unconfined"
type=AVC msg=audit(1505466699.828:534): apparmor="DENIED" operation="ptrace" profile="/usr/sbin/libvirtd" pid=6621 comm="libvirtd" requested_mask="trace" denied_mask="trace" peer="/usr/sbin/libvirtd"
After editing /etc/apparmor.d/usr.sbin.libvirtd to include
ptrace trace peer=/usr/sbin/libvirtd,
and restarting apparmor.service and libvirtd.service it started working again. -- You are receiving this mail because: You are on the CC list for the bug.