Bug 1413922 - internal error in libvirt: Cannot unshare mount namespace: Operation not permitted
Summary: internal error in libvirt: Cannot unshare mount namespace: Operation not perm...
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Virtualization Tools
Classification: Community
Component: libvirt
Version: unspecified
Hardware: aarch64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Michal Privoznik
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: TRACKER-bugs-affecting-libguestfs
TreeView+ depends on / blocked
 
Reported: 2017-01-17 10:28 UTC by Richard W.M. Jones
Modified: 2017-01-17 12:25 UTC (History)
3 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2017-01-17 12:25:34 UTC
Embargoed:

Attachments (Terms of Use)
log file (66.04 KB, text/plain)
2017-01-17 10:30 UTC, Richard W.M. Jones 		no flags Details
libvirtd.log (306.07 KB, text/plain)
2017-01-17 10:33 UTC, Richard W.M. Jones 		no flags Details
View All

Description Richard W.M. Jones 2017-01-17 10:28:16 UTC 
Description of problem:

Cannot launch a guest as non-root (ie using qemu:///session)
with libvirt 3.0.0 rc2.

The error is:

libvirt: internal error: Process exited prior to exec: libvirt:  error : Cannot unshare mount namespace: Operation not permitted [code=1 int1=-1]

Version-Release number of selected component (if applicable):

libvirt 3.0.0 rc2

How reproducible:

100%

Steps to Reproduce:
1. Install libvirt 3.0.0 rc2
2. Run libguestfs-test-tool.
Comment 1 Richard W.M. Jones 2017-01-17 10:30:14 UTC 
Created attachment 1241660 [details]
log file
Comment 2 Richard W.M. Jones 2017-01-17 10:33:50 UTC 
Created attachment 1241662 [details]
libvirtd.log

Log from libvirtd.  Note that it doesn't correspond to the same
session as the client-side log posted in the previous comment.
Comment 3 Richard W.M. Jones 2017-01-17 11:26:14 UTC 
I added the following patch/hack to libvirt which fixes it:

diff --git a/src/util/virprocess.c b/src/util/virprocess.c
index f5c7ebb..ef3ed26 100644
--- a/src/util/virprocess.c
+++ b/src/util/virprocess.c
@@ -1155,6 +1155,7 @@ virProcessSetupPrivateMountNS(void)
 {
     int ret = -1;
 
+#if 0
     if (unshare(CLONE_NEWNS) < 0) {
         virReportSystemError(errno, "%s",
                              _("Cannot unshare mount namespace"));
@@ -1166,9 +1167,12 @@ virProcessSetupPrivateMountNS(void)
                              _("Failed to switch root mount into slave mode"));
         goto cleanup;
     }
+#endif
 
     ret = 0;
+#if 0
  cleanup:
+#endif
     return ret;
 }
Comment 4 Michal Privoznik 2017-01-17 11:33:08 UTC 
To POST:

https://www.redhat.com/archives/libvir-list/2017-January/msg00719.html
Comment 5 Michal Privoznik 2017-01-17 12:25:34 UTC 
I've pushed the patch upstream:

commit d0baf54e53faa544cc41abe8353ee3dce0b0861a
Author:     Michal Privoznik <mprivozn>
AuthorDate: Tue Jan 17 12:15:16 2017 +0100
Commit:     Michal Privoznik <mprivozn>
CommitDate: Tue Jan 17 13:23:56 2017 +0100

    qemu: Actually unshare() iff running as root
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1413922
    
    While all the code that deals with qemu namespaces correctly
    detects whether we are running as root (and turn into NO-OP for
    qemu:///session) the actual unshare() call is not guarded with
    such check. Therefore any attempt to start a domain under
    qemu:///session shall fail as unshare() is reserved for root.
    
    The fix consists of moving unshare() call (for which we have a
    wrapper called virProcessSetupPrivateMountNS) into
    qemuDomainBuildNamespace() where the proper check is performed.
    
    Signed-off-by: Michal Privoznik <mprivozn>
    Tested-by: Richard W.M. Jones <rjones>

v3.0.0-rc2-4-gd0baf54e5
Note You need to log in before you can comment on or make changes to this bug.