[Pkg-libvirt-maintainers] Bug#883574: libvirt-daemon-system: fails to start any VM with apparmor enforced

Kjö Hansi Glaz kjo at a4nancy.net.eu.org
Tue Dec 5 11:19:43 UTC 2017

Package: libvirt-daemon-system
Version: 3.9.0-1
Severity: normal

Dear Maintainer,

   * What led up to the situation?

Apparmor is in enforce mode.

   * What exactly did you do (or not do) that was effective (or

Try to start any VM.

   * What was the outcome of this action?

I get the following error:

   libvirtError: internal error: Process exited prior to exec: libvirt:
   error : Failed to switch root mount into slave mode: Permission denied

Please note that I don't see any line in the journal.

   * What outcome did you expect instead?

The VM to start. Setting apparmor to complain mode (aa-complain
usr.sbin.libvirtd) worksaround the issue

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (900, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.14.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libvirt-daemon-system depends on:
ii  adduser                3.116
ii  debconf [debconf-2.0]  1.5.65
ii  gettext-base 
ii  iptables               1.6.1-2+b1
ii  libacl1                2.2.52-3+b1
ii  libapparmor1           2.11.1-3
ii  libaudit1              1:2.8.1-2
ii  libblkid1              2.30.2-0.1
ii  libc6                  2.25-3
ii  libcap-ng0             0.7.7-3.1+b1
ii  libdbus-1-3            1.12.2-1
ii  libdevmapper1.02.1     2:1.02.145-4.1
ii  libgnutls30            3.5.16-1
ii  libnl-3-200            3.2.27-2
ii  libnl-route-3-200      3.2.27-2
ii  libnuma1               2.0.11-2.1
ii  libselinux1            2.7-2
ii  libvirt-clients        3.9.0-1
ii  libvirt-daemon         3.9.0-1
ii  libvirt0               3.9.0-1
ii  libxml2                2.9.4+dfsg1-5.1
ii  libyajl2               2.1.0-2+b3
ii  logrotate              3.11.0-0.1
ii  lsb-base               9.20170808
ii  policykit-1            0.105-18

Versions of packages libvirt-daemon-system recommends:
ii  bridge-utils  1.5-14
ii  dmidecode     3.1-1
ii  dnsmasq-base  2.78-1
ii  ebtables
ii  iproute2      4.9.0-2.1
ii  parted        3.2-18

Versions of packages libvirt-daemon-system suggests:
ii  apparmor    2.11.1-3
pn  auditd      <none>
ii  nfs-common  1:1.3.4-2.1+b1
ii  pm-utils    1.4.1-17
pn  radvd       <none>
ii  systemd     235-3
pn  systemtap   <none>
pn  zfsutils    <none>

-- debconf information:
  libvirt-daemon-system/id_warning: true

More information about the Pkg-libvirt-maintainers mailing list