So, I investigated this and traced it to an apparmor difference between 4.17 and 4.18.
This is due to commit 338d0be437ef10e247a35aed83dbab182cf406a2
("apparmor: fix ptrace read check").
libvirtd here is using only trace, and not read. The patch below for
libvirtd apparmor policy fixes it for me.
--- /etc/apparmor.d/usr.sbin.libvirtd 2018-08-23 14:52:04.574252908 -0300
+++ ../usr.sbin.libvirtd 2018-08-23 14:51:46.773728841 -0300
@@ -50,10 +50,10 @@
# for --p2p migrations
unix (send, receive) type=stream addr=none peer=(label=unconfined addr=none),
- ptrace (trace) peer=unconfined,
- ptrace (trace) peer=/usr/sbin/libvirtd,
- ptrace (trace) peer=/usr/sbin/dnsmasq,
- ptrace (trace) peer=libvirt-*,
+ ptrace (read,trace) peer=unconfined,
+ ptrace (read,trace) peer=/usr/sbin/libvirtd,
+ ptrace (read,trace) peer=/usr/sbin/dnsmasq,
+ ptrace (read,trace) peer=libvirt-*,
signal (send) peer=/usr/sbin/dnsmasq,
signal (read, send) peer=libvirt-*,
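Review bot: The `ptrace (read,trace) peer=unconfined,` line extends read to every unconfined peer, and all four rules are widened at once, while the description only establishes that the existing libvirtd rules carried trace without read. Consider adding read only for the peers that actually produced denials under 4.18, and add a comment above the ptrace rules (as `# for --p2p migrations` does for the unix rule) naming kernel commit 338d0be437ef ("apparmor: fix ptrace read check") as the reason read is now required. Minor style point: `(read,trace)` has no space after the comma, whereas the neighbouring `signal (read, send)` rule does.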
** Also affects: libvirt (Ubuntu)
Importance: Undecided
Status: New
** Also affects: libvirt (Ubuntu Cosmic)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Cosmic)
Importance: High
Assignee: Thadeu Lima de Souza Cascardo (cascardo)
Status: In Progress
** Changed in: libvirt (Ubuntu Cosmic)
Importance: Undecided => Critical
--
https://bugs.launchpad.net/bugs/1788603
Title:
libvirt fails with failure to open mount namespace