Package: libvirt-daemon-system Version: 3.7.0-2 Severity: normal Hi,
since some fairly recent sid upgrade, my VMs don't get network anymore and my logs contain lots of: kernel: audit: type=1400 audit(1505719435.761:27425226): apparmor="DENIED" operation="file_perm" info="Failed name lookup - disconnected path" error=-13 profile="libvirt-213ff882-ce4b-035d-e2b1-9059d66cd67d" name="dev/net/tun" pid=25947 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=119 ouid=0 I've tried passing flags=(attach_disconnected) in /etc/apparmor.d/libvirt/TEMPLATE.qemu but that did not fix the bug for some reason, so I've reverted this change. My current workaround is to disable private mount namespaces in /etc/libvirt/qemu.conf: namespaces = [ ] FWIW the network these VMs are connected to looks like: <network connections='1'> <name>routed</name> <uuid>054fadcc-23da-4014-94e7-cdde77924045</uuid> <forward mode='route'/> <bridge name='vmz0' stp='on' delay='0'/> […] </network> Cheers! -- System Information: Debian Release: buster/sid APT prefers unstable APT policy: (990, 'unstable'), (500, 'stable-updates'), (500, 'oldstable-updates'), (500, 'testing'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.12.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) Versions of packages libvirt-daemon-system depends on: ii adduser 3.116 ii debconf 1.5.63 ii gettext-base 0.19.8.1-4 ii init-system-helpers 1.49 ii iptables 1.6.1-2 ii libacl1 2.2.52-3+b1 ii libapparmor1 2.11.0-10 ii libaudit1 1:2.7.7-1+b2 ii libblkid1 2.29.2-5 ii libc6 2.24-17 ii libcap-ng0 0.7.7-3+b1 ii libdbus-1-3 1.11.16+really1.10.22-1 ii libdevmapper1.02.1 2:1.02.142-1 ii libnl-3-200 3.2.27-2 ii libnl-route-3-200 3.2.27-2 ii libnuma1 2.0.11-2.1 ii libselinux1 2.7-2 ii libvirt-clients 3.7.0-2 ii libvirt-daemon 3.7.0-2 ii libvirt0 3.7.0-2 ii libxml2 2.9.4+dfsg1-4 ii libyajl2 2.1.0-2+b3 ii logrotate 3.11.0-0.1 ii lsb-base 9.20170808 ii policykit-1 0.105-18 Versions of packages libvirt-daemon-system recommends: ii bridge-utils 1.5-14 ii dmidecode 3.1-1 ii dnsmasq-base 2.77-2 ii ebtables 2.0.10.4-3.5+b1 ii iproute2 4.9.0-2 ii parted 3.2-17 Versions of packages libvirt-daemon-system suggests: ii apparmor 2.11.0-10 pn auditd <none> ii nfs-common 1:1.3.4-2.1+b1 ii pm-utils 1.4.1-17 ii radvd 1:2.16-3 ii systemd 234-3 pn systemtap <none> pn zfsutils <none> -- debconf information: libvirt-daemon-system/id_warning: true -- intrigeri