Bug ID: 1045158
Summary: libvirt doesn't start virtual machines if apparmor is enabled
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.3
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: AppArmor
Assignee: suse-beta@cboltz.de
Reporter: alarrosa@suse.com
QA Contact: qa-bugs@suse.de
Found By: ---
Blocker: ---

I updated my Leap 42.2 machine to Leap 42.3 Beta today and my virtual machines
(using virt-manager) can't be started anymore. 

The error I get is:

Error al iniciar dominio: internal error: child reported: Kernel does not provide mount namespace: Permission denied

Traceback (most recent call last):
  File "/usr/share/virt-manager/virtManager/asyncjob.py", line 88, in cb_wrapper
    callback(asyncjob, *args, **kwargs)
  File "/usr/share/virt-manager/virtManager/asyncjob.py", line 124, in tmpcb
    callback(*args, **kwargs)
  File "/usr/share/virt-manager/virtManager/libvirtobject.py", line 83, in newfn
    ret = fn(self, *args, **kwargs)
  File "/usr/share/virt-manager/virtManager/domain.py", line 1488, in startup
    self._backend.create()
  File "/usr/lib64/python2.7/site-packages/libvirt.py", line 1062, in create
    if ret == -1: raise libvirtError ('virDomainCreate() failed', dom=self)
libvirtError: internal error: child reported: Kernel does not provide mount namespace: Permission denied

Once I stopped apparmor with systemctl stop apparmor.service, virtual machines
can be started fine. If I start apparmor afterwards, I can stop and start
virtual machines correctly, but if I do: systemctl restart libvirtd with
apparmor running, then I can't run virtual machines anymore.

In Factory it works fine, so it seems there's some fix done in Factory's
apparmor-profiles that wasn't backported to Leap 42.3 (nor SLE12 SP3).

