ago 23 14:40:18 calabresa audit[5997]: AVC apparmor="DENIED" operation="ptrace" profile="/usr/sbin/libvirtd" pid=5997 comm="libvirtd" requested_mask="read" denied_mask="read" peer="unconfined" ago 22 18:00:12 calabresa audit[4409]: AVC apparmor="DENIED" operation="ptrace" profile="/usr/sbin/libvirtd" pid=4409 comm="libvirtd" requested_mask="read" denied_mask="read" peer="libvirt-14e92a75-7668-4b97-8f92-322fc1b9c78a" ago 23 09:18:06 calabresa audit[2507]: AVC apparmor="DENIED" operation="ptrace" profile="/usr/sbin/libvirtd" pid=2507 comm="libvirtd" requested_mask="read" denied_mask="read" peer="unconfined"
Here are some messages with the apparmor denial. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1788603 Title: libvirt fails with failure to open mount namespace Status in libvirt package in Ubuntu: New Status in linux package in Ubuntu: In Progress Status in libvirt source package in Cosmic: New Status in linux source package in Cosmic: In Progress Bug description: $ virsh start cosmic-i386 error: Failed to start domain cosmic-i386 error: internal error: child reported: Kernel does not provide mount namespace: Permission denied Happens with 4.18 only, 4.17 is fine. 27013 openat(AT_FDCWD, "/proc/27012/ns/mnt", O_RDONLY) = -1 EACCES (Permission denied) Opening a self or parent mount namespace works fine as tested with cat /proc/self/ns/mnt and cat /proc/self/$$/mnt. Still investigating. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1788603/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
