Hi Michael, On Wed, 2017-04-05 at 19:08 +0200, Michael Ströder wrote:
Hmmpf! It seems I've not thoroughly tested last time:
# virsh start ae-dir-deb-p1 error: Failed to start domain ae-dir-deb-p1 error: internal error: child reported: Kernel does not provide mount namespace: Permission denied
To help me reproduce, could you provide me the output of this command and tell me if you changed anything to files in /etc/libvirt? virsh dumpxml ae-dir-deb-p1
Here's the DENIED line (see more lines below):
type=AVC msg=audit(1491411990.547:300): apparmor="DENIED" operation="open" info="Failed name lookup - disconnected path" error=-13 profile="/usr/sbin/libvirtd" name="" pid=5413 comm="libvirtd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Could you try adding one of the attach_disconnect and chroot_attach flags in the /etc/apparmor.d/usr.sbin.libvirtd. Theoritically you only need to reload the profile to update it, but I usually also restart libvirtd to be on the safe side. I guess attach_disconnect would work, while I'm not sure about chroot_attach. Could you please open a bug report in bugzilla to track this down (and assign it to me). -- Cedric -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org