[Pkg-libvirt-maintainers] Bug#908341: libvirt-daemon-system: apparmor prevents VM start with kernel 4.18
Austin Roach
ahroach at gmail.com
Sat Sep 8 18:04:57 BST 2018
Package: libvirt-daemon-system
Version: 4.6.0-2
Severity: important

After the kernel upgrade to 4.18 in unstable, attempts to start a VM
fail with messages like:

audit[17319]: AVC apparmor="DENIED" operation="ptrace"
profile="/usr/sbin/libvirtd" pid=17319 comm="libvirtd"
requested_mask="read" denied_mask="read"
peer="libvirt-7cd5e81e-eef7-4d3f-a58f-c9c9968acad8"

libvirtd[3150]: 2018-09-08 16:13:55.885+0000: 3197: error :
virProcessRunInMountNamespace:1159 : internal error: child reported:
Kernel does not provide mount namespace: Permission denied

kernel: audit: type=1400 audit(1536423235.880:44): apparmor="DENIED"
operation="ptrace" profile="/usr/sbin/libvirtd" pid=17319
comm="libvirtd" requested_mask="read" denied_mask="read"
peer="libvirt-7cd5e81e-eef7-4d3f-a58f-c9c9968acad8"

The same issue was previously experienced by Ubuntu developers [1],
who produced a patch [2] that was incorporated into libvirt upstream
[3]. This commit was included in the 4.7.0 release of libvirt.

Cheers,
Austin

[1] https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1788603
[2] https://www.redhat.com/archives/libvir-list/2018-August/msg01532.html
[3] https://libvirt.org/git/p=libvirt.git;a=commit;h=8741b9435108b1f0d87670e44e1ed75f806b7791
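
Added example, not part of the original report and not libvirt or Debian code: a small triage script that parses AppArmor DENIED records like the ones quoted above, groups them by profile, operation, mask and peer, and drafts a rule for review. The function names and the collapsing of the per-VM UUID to a wildcard are assumptions of this example; the rule actually applied upstream is the commit in [3].

```python
import re
from collections import Counter

# Log lines from the report above (unwrapped), including its libvirtd error line.
SAMPLE = [
    'audit[17319]: AVC apparmor="DENIED" operation="ptrace" '
    'profile="/usr/sbin/libvirtd" pid=17319 comm="libvirtd" '
    'requested_mask="read" denied_mask="read" '
    'peer="libvirt-7cd5e81e-eef7-4d3f-a58f-c9c9968acad8"',
    'kernel: audit: type=1400 audit(1536423235.880:44): apparmor="DENIED" '
    'operation="ptrace" profile="/usr/sbin/libvirtd" pid=17319 '
    'comm="libvirtd" requested_mask="read" denied_mask="read" '
    'peer="libvirt-7cd5e81e-eef7-4d3f-a58f-c9c9968acad8"',
    'libvirtd[3150]: 2018-09-08 16:13:55.885+0000: 3197: error : internal error: '
    'child reported: Kernel does not provide mount namespace: Permission denied',
]

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
UUID = re.compile(r'[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}')

def parse_denial(line):
    """Return the key/value fields of an AppArmor DENIED record, else None."""
    fields = {key: quoted or bare for key, quoted, bare in KV.findall(line)}
    return fields if fields.get("apparmor") == "DENIED" else None

def summarize(lines):
    """Count denials by (profile, operation, denied_mask, peer pattern)."""
    counts = Counter()
    for line in lines:
        d = parse_denial(line)
        if d:
            # Per-VM profile names embed the domain UUID; collapse it so
            # denials from different guests fall into the same bucket.
            peer = UUID.sub("<uuid>", d.get("peer", ""))
            counts[(d.get("profile"), d.get("operation"),
                    d.get("denied_mask"), peer)] += 1
    return counts

def candidate_rule(operation, mask, peer):
    """Draft an AppArmor rule for human review (only ptrace is handled)."""
    if operation != "ptrace" or not peer:
        return None
    # Assumption of this example: match every per-VM profile with a wildcard.
    return f"ptrace ({mask}) peer={peer.replace('<uuid>', '*')},"

if __name__ == "__main__":
    for (profile, op, mask, peer), n in summarize(SAMPLE).items():
        print(f"{n}x {profile}: {op} {mask} -> {peer}")
        print("  candidate:", candidate_rule(op, mask, peer))
```

The journal and kernel forms of the same event are counted separately here, so the count reflects log records, not distinct denials.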