Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1413922
Summary: | internal error in libvirt: Cannot unshare mount namespace: Operation not permitted | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | [Community] Virtualization Tools | Reporter: | Richard W.M. Jones <rjones> | ||||||
Component: | libvirt | Assignee: | Michal Privoznik <mprivozn> | ||||||
Status: | CLOSED NEXTRELEASE | QA Contact: | |||||||
Severity: | unspecified | Docs Contact: | |||||||
Priority: | unspecified | ||||||||
Version: | unspecified | CC: | libvirt-maint, mprivozn, rbalakri | ||||||
Target Milestone: | --- | ||||||||
Target Release: | --- | ||||||||
Hardware: | aarch64 | ||||||||
OS: | Unspecified | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | Doc Type: | If docs needed, set a value | |||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2017-01-17 12:25:34 UTC | Type: | Bug | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Bug Depends On: | |||||||||
Bug Blocks: | 910269 | ||||||||
Attachments: |
|
Description
Richard W.M. Jones
2017-01-17 10:28:16 UTC
Created attachment 1241660 [details]
log file
Created attachment 1241662 [details]
libvirtd.log
Log from libvirtd. Note that it doesn't correspond to the same
session as the client-side log posted in the previous comment.
I added the following patch/hack to libvirt which fixes it: diff --git a/src/util/virprocess.c b/src/util/virprocess.c index f5c7ebb..ef3ed26 100644 --- a/src/util/virprocess.c +++ b/src/util/virprocess.c @@ -1155,6 +1155,7 @@ virProcessSetupPrivateMountNS(void) { int ret = -1; +#if 0 if (unshare(CLONE_NEWNS) < 0) { virReportSystemError(errno, "%s", _("Cannot unshare mount namespace")); @@ -1166,9 +1167,12 @@ virProcessSetupPrivateMountNS(void) _("Failed to switch root mount into slave mode")); goto cleanup; } +#endif ret = 0; +#if 0 cleanup: +#endif return ret; } I've pushed the patch upstream: commit d0baf54e53faa544cc41abe8353ee3dce0b0861a Author: Michal Privoznik <mprivozn> AuthorDate: Tue Jan 17 12:15:16 2017 +0100 Commit: Michal Privoznik <mprivozn> CommitDate: Tue Jan 17 13:23:56 2017 +0100 qemu: Actually unshare() iff running as root https://bugzilla.redhat.com/show_bug.cgi?id=1413922 While all the code that deals with qemu namespaces correctly detects whether we are running as root (and turn into NO-OP for qemu:///session) the actual unshare() call is not guarded with such check. Therefore any attempt to start a domain under qemu:///session shall fail as unshare() is reserved for root. The fix consists of moving unshare() call (for which we have a wrapper called virProcessSetupPrivateMountNS) into qemuDomainBuildNamespace() where the proper check is performed. Signed-off-by: Michal Privoznik <mprivozn> Tested-by: Richard W.M. Jones <rjones> v3.0.0-rc2-4-gd0baf54e5 |