Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 1413922

Summary: internal error in libvirt: Cannot unshare mount namespace: Operation not permitted
Product: [Community] Virtualization Tools Reporter: Richard W.M. Jones <rjones>
Component: libvirtAssignee: Michal Privoznik <mprivozn>
Status: CLOSED NEXTRELEASE QA Contact:
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: unspecifiedCC: libvirt-maint, mprivozn, rbalakri
Target Milestone: ---   
Target Release: ---   
Hardware: aarch64   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-01-17 12:25:34 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 910269    
Attachments:
Description Flags
log file
none
libvirtd.log none

Description Richard W.M. Jones 2017-01-17 10:28:16 UTC 
Description of problem:

Cannot launch a guest as non-root (ie using qemu:///session)
with libvirt 3.0.0 rc2.

The error is:

libvirt: internal error: Process exited prior to exec: libvirt:  error : Cannot unshare mount namespace: Operation not permitted [code=1 int1=-1]

Version-Release number of selected component (if applicable):

libvirt 3.0.0 rc2

How reproducible:

100%

Steps to Reproduce:
1. Install libvirt 3.0.0 rc2
2. Run libguestfs-test-tool.
Comment 1 Richard W.M. Jones 2017-01-17 10:30:14 UTC 
Created attachment 1241660 [details]
log file
Comment 2 Richard W.M. Jones 2017-01-17 10:33:50 UTC 
Created attachment 1241662 [details]
libvirtd.log

Log from libvirtd.  Note that it doesn't correspond to the same
session as the client-side log posted in the previous comment.
Comment 3 Richard W.M. Jones 2017-01-17 11:26:14 UTC 
I added the following patch/hack to libvirt which fixes it:

diff --git a/src/util/virprocess.c b/src/util/virprocess.c
index f5c7ebb..ef3ed26 100644
--- a/src/util/virprocess.c
+++ b/src/util/virprocess.c
@@ -1155,6 +1155,7 @@ virProcessSetupPrivateMountNS(void)
 {
     int ret = -1;
 
+#if 0
     if (unshare(CLONE_NEWNS) < 0) {
         virReportSystemError(errno, "%s",
                              _("Cannot unshare mount namespace"));
@@ -1166,9 +1167,12 @@ virProcessSetupPrivateMountNS(void)
                              _("Failed to switch root mount into slave mode"));
         goto cleanup;
     }
+#endif
 
     ret = 0;
+#if 0
  cleanup:
+#endif
     return ret;
 }
Comment 4 Michal Privoznik 2017-01-17 11:33:08 UTC 
To POST:

https://www.redhat.com/archives/libvir-list/2017-January/msg00719.html
Comment 5 Michal Privoznik 2017-01-17 12:25:34 UTC 
I've pushed the patch upstream:

commit d0baf54e53faa544cc41abe8353ee3dce0b0861a
Author:     Michal Privoznik <mprivozn>
AuthorDate: Tue Jan 17 12:15:16 2017 +0100
Commit:     Michal Privoznik <mprivozn>
CommitDate: Tue Jan 17 13:23:56 2017 +0100

    qemu: Actually unshare() iff running as root
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1413922
    
    While all the code that deals with qemu namespaces correctly
    detects whether we are running as root (and turn into NO-OP for
    qemu:///session) the actual unshare() call is not guarded with
    such check. Therefore any attempt to start a domain under
    qemu:///session shall fail as unshare() is reserved for root.
    
    The fix consists of moving unshare() call (for which we have a
    wrapper called virProcessSetupPrivateMountNS) into
    qemuDomainBuildNamespace() where the proper check is performed.
    
    Signed-off-by: Michal Privoznik <mprivozn>
    Tested-by: Richard W.M. Jones <rjones>

v3.0.0-rc2-4-gd0baf54e5