http://bugzilla.opensuse.org/show_bug.cgi?id=1045158 Bug ID: 1045158 Summary: libvirt doesn't start virtual machines if apparmor is enabled Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.3 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: AppArmor Assignee: suse-beta@cboltz.de Reporter: alarrosa@suse.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- I updated my Leap 42.2 machine to Leap 42.3 Beta today and my virtual machines (using virt-manager) can't be started anymore. The error I get is: Error al iniciar dominio: internal error: child reported: Kernel does not provide mount namespace: Permission denied Traceback (most recent call last): File "/usr/share/virt-manager/virtManager/asyncjob.py", line 88, in cb_wrapper callback(asyncjob, *args, **kwargs) File "/usr/share/virt-manager/virtManager/asyncjob.py", line 124, in tmpcb callback(*args, **kwargs) File "/usr/share/virt-manager/virtManager/libvirtobject.py", line 83, in newfn ret = fn(self, *args, **kwargs) File "/usr/share/virt-manager/virtManager/domain.py", line 1488, in startup self._backend.create() File "/usr/lib64/python2.7/site-packages/libvirt.py", line 1062, in create if ret == -1: raise libvirtError ('virDomainCreate() failed', dom=self) libvirtError: internal error: child reported: Kernel does not provide mount namespace: Permission denied Once I stopped apparmor with systemctl stop apparmor.service, virtual machines can be started fine. If I start apparmor afterwards, I can stop and start virtual machines correctly, but if I do: systemctl restart libvirtd with apparmor running, then I can't run virtual machines anymore. In Factory it works fine, so it seems there's some fix done in Factory's apparmor-profiles that wasn't backported to Leap 42.3 (nor SLE12 SP3). -- You are receiving this mail because: You are on the CC list for the bug.