[Pkg-libvirt-maintainers] Bug#877926: libvirt-daemon-system: Can't start VMs with AppArmor enabled and Linux 4.13+
intrigeri at debian.org
Sat Oct 7 11:02:38 UTC 2017
Package: libvirt-daemon-system
Version: 3.7.0-4
Severity: normal
Tags: patch

Hi,

since I've upgraded to Linux 4.13 my VMs don't start anymore,
and virt-manager tells me "Error starting domain: internal error:
child reported: Kernel does not provide mount namespace: Permission
denied".

The logs say:

apparmor="DENIED" operation="ptrace" profile="/usr/sbin/libvirtd" pid=19409 comm="libvirtd" requested_mask="trace" denied_mask="trace" peer="libvirt-14dcf3fa-a4d5-4c5a-82ea-3f624b44c7ef"

This (stolen from Ubuntu) fixes it:

--- a/apparmor.d/usr.sbin.libvirtd
+++ b/apparmor.d/usr.sbin.libvirtd
@@ -37,6 +37,9 @@
network packet dgram,
network packet raw,
+ # Grant bare ptrace
+ ptrace,
+
# Very lenient profile for libvirtd since we want to first focus on confining
# the guests. Guests will have a very restricted profile.
/ r,
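
Review bot: the bare `ptrace,` rule added after `network packet raw,` is broader than the denial quoted in the report, which shows only requested_mask="trace" against a peer named "libvirt-14dcf3fa-a4d5-4c5a-82ea-3f624b44c7ef". A bare rule allows every ptrace permission against every peer profile, so consider scoping it to what was denied, for example `ptrace (trace) peer=libvirt-*,`, and confirm that VMs still start with the narrower form. The comment "Grant bare ptrace" restates the rule; it would help more if it said why libvirtd needs it (the ptrace denial against the guest profile seen with Linux 4.13+).
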
Cheers,
--
intrigeri