Bug ID | 1045158 |
---|---|
Summary | libvirt doesn't start virtual machines if apparmor is enabled |
Classification | openSUSE |
Product | openSUSE Distribution |
Version | Leap 42.3 |
Hardware | Other |
OS | Other |
Status | NEW |
Severity | Normal |
Priority | P5 - None |
Component | AppArmor |
Assignee | suse-beta@cboltz.de |
Reporter | alarrosa@suse.com |
QA Contact | qa-bugs@suse.de |
Found By | --- |
Blocker | --- |
I updated my Leap 42.2 machine to Leap 42.3 Beta today and my virtual machines (using virt-manager) can't be started anymore. The error I get is: Error al iniciar dominio: internal error: child reported: Kernel does not provide mount namespace: Permission denied Traceback (most recent call last): File "/usr/share/virt-manager/virtManager/asyncjob.py", line 88, in cb_wrapper callback(asyncjob, *args, **kwargs) File "/usr/share/virt-manager/virtManager/asyncjob.py", line 124, in tmpcb callback(*args, **kwargs) File "/usr/share/virt-manager/virtManager/libvirtobject.py", line 83, in newfn ret = fn(self, *args, **kwargs) File "/usr/share/virt-manager/virtManager/domain.py", line 1488, in startup self._backend.create() File "/usr/lib64/python2.7/site-packages/libvirt.py", line 1062, in create if ret == -1: raise libvirtError ('virDomainCreate() failed', dom=self) libvirtError: internal error: child reported: Kernel does not provide mount namespace: Permission denied Once I stopped apparmor with systemctl stop apparmor.service, virtual machines can be started fine. If I start apparmor afterwards, I can stop and start virtual machines correctly, but if I do: systemctl restart libvirtd with apparmor running, then I can't run virtual machines anymore. In Factory it works fine, so it seems there's some fix done in Factory's apparmor-profiles that wasn't backported to Leap 42.3 (nor SLE12 SP3).