Bug ID | 1058847 |
---|---|
Summary | libvirt fails to start guest - error: Kernel does not provide mount namespace: Permission denied |
Classification | openSUSE |
Product | openSUSE Tumbleweed |
Version | Current |
Hardware | Other |
OS | Other |
Status | NEW |
Severity | Normal |
Priority | P5 - None |
Component | AppArmor |
Assignee | suse-beta@cboltz.de |
Reporter | neyers@geod.uni-bonn.de |
QA Contact | qa-bugs@suse.de |
Found By | --- |
Blocker | --- |
I updated my system yesterday evening and this morning and could not start my kvm/qemu virtual machines after. The following error appears in virsh: > virsh # connect qemu:///system > > virsh # start opensuse42.3-desktop > error: Failed to start domain opensuse42.3-desktop > error: internal error: child reported: Kernel does not provide mount namespace: Permission denied This also happens in: https://bugzilla.opensuse.org/show_bug.cgi?id=1045158 I checked /var/log/audit/audit.log for apparmor issues and found the following entries: > type=AVC msg=audit(1505466698.704:526): apparmor="DENIED" operation="ptrace" profile="/usr/sbin/libvirtd" pid=6293 comm="libvirtd" requested_mask="trace" denied_mask="trace" peer="unconfined" > type=AVC msg=audit(1505466699.828:534): apparmor="DENIED" operation="ptrace" profile="/usr/sbin/libvirtd" pid=6621 comm="libvirtd" requested_mask="trace" denied_mask="trace" peer="/usr/sbin/libvirtd" After editing /etc/apparmor.d/usr.sbin.libvirtd to include > ptrace trace peer=/usr/sbin/libvirtd, and restarting apparmor.service and libvirtd.service it started working again.