Package: libvirt-daemon-system
Version: 3.7.0-4
Severity: normal
Tags: patch

Hi,

since I've upgraded to Linux 4.13 my VMs don't start anymore,
and virt-manager tells me "Error starting domain: internal error:
child reported: Kernel does not provide mount namespace: Permission
denied".

The logs say:

  apparmor="DENIED" operation="ptrace" profile="/usr/sbin/libvirtd" pid=19409 comm="libvirtd" requested_mask="trace" denied_mask="trace" peer="libvirt-14dcf3fa-a4d5-4c5a-82ea-3f624b44c7ef"

This (stolen from Ubuntu) fixes it:

--- a/apparmor.d/usr.sbin.libvirtd
+++ b/apparmor.d/usr.sbin.libvirtd
@@ -37,6 +37,9 @@
   network packet dgram,
   network packet raw,
 
+  # Grant bare ptrace
+  ptrace,
+
   # Very lenient profile for libvirtd since we want to first focus on confining
   # the guests. Guests will have a very restricted profile.
   / r,
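
Review bot: The added `ptrace,` rule is unqualified, so it grants every ptrace permission against every peer, while the denial quoted in the report shows only requested_mask="trace" against a peer named libvirt-<uuid>. Consider scoping the rule to what was actually denied, for example `ptrace (trace) peer=libvirt-*,`, and widen it only if further denials show up in the logs. The comment "Grant bare ptrace" restates the rule; it would be more useful if it said why libvirtd needs it (the mount namespace error when starting a domain on Linux 4.13).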

Cheers,
-- 
intrigeri
