Michael Ströder
2017-Mar-14 09:51 UTC
[libvirt-users] trouble after upgrading from 3.0.0 to 3.1.0
HI! After the last OS update (openSUSE Tumbleweed) with libvirt being updated from 3.0.0 to 3.1.0 starting the VMs (qemu-kvm) does not work anymore: error: internal error: child reported: Kernel does not provide mount namespace: Permission denied Kernel was updated before to 4.10.1 and worked just fine with libvirt 3.0.0 packages. Any clue how to work around that? Ciao, Michael.
Michal Privoznik
2017-Mar-14 11:56 UTC
Re: [libvirt-users] trouble after upgrading from 3.0.0 to 3.1.0
On 03/14/2017 10:51 AM, Michael Ströder wrote:> HI! > > After the last OS update (openSUSE Tumbleweed) with libvirt being updated from 3.0.0 to > 3.1.0 starting the VMs (qemu-kvm) does not work anymore: > > error: internal error: child reported: Kernel does not provide mount namespace: > Permission deniedHey, this is definitely a libvirt bug. Since 3.1.0 libvirt spawns each qemu in its own mount namespace so that it can have private /dev mount. I've heard that there are some issues with AppArmor - is that what are you using? Can you try the current git HEAD - there were some fixes applied after 3.1.0 release. Meanwhile, you can disable namespaces by setting: namespaces=[] in qemu.conf. However, that should be just temporary solution until we fix all the bugs. Michal
Michael Ströder
2017-Mar-14 16:03 UTC
Re: [libvirt-users] trouble after upgrading from 3.0.0 to 3.1.0
Michal Privoznik wrote:> On 03/14/2017 10:51 AM, Michael Ströder wrote: >> HI! >> >> After the last OS update (openSUSE Tumbleweed) with libvirt being updated from 3.0.0 to >> 3.1.0 starting the VMs (qemu-kvm) does not work anymore: >> >> error: internal error: child reported: Kernel does not provide mount namespace: >> Permission denied > > Hey, this is definitely a libvirt bug. Since 3.1.0 libvirt spawns each > qemu in its own mount namespace so that it can have private /dev mount. > I've heard that there are some issues with AppArmor - is that what are > you using?Hmm, yes. I was using AppArmor. Disabling it helped. I will point the author of the AppArmor profiles in this direction.> Meanwhile, you can disable namespaces by setting: > > namespaces=[] > > in qemu.conf.Only setting this did not help. Ciao, Michael.