Bug 1413922 - internal error in libvirt: Cannot unshare mount namespace: Operation not permitted
Summary: internal error in libvirt: Cannot unshare mount namespace: Operation not perm...
Alias: None
Product: Virtualization Tools
Classification: Community
Component: libvirt
Version: unspecified
Hardware: aarch64
OS: Unspecified
Target Milestone: ---
Assignee: Michal Privoznik
QA Contact:
Depends On:
Blocks: TRACKER-bugs-affecting-libguestfs
TreeView+ depends on / blocked
Reported: 2017-01-17 10:28 UTC by Richard W.M. Jones
Modified: 2017-01-17 12:25 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2017-01-17 12:25:34 UTC

Attachments (Terms of Use)
log file (66.04 KB, text/plain)
2017-01-17 10:30 UTC, Richard W.M. Jones
no flags Details
libvirtd.log (306.07 KB, text/plain)
2017-01-17 10:33 UTC, Richard W.M. Jones
no flags Details

Description Richard W.M. Jones 2017-01-17 10:28:16 UTC
Description of problem:

Cannot launch a guest as non-root (ie using qemu:///session)
with libvirt 3.0.0 rc2.

The error is:

libvirt: internal error: Process exited prior to exec: libvirt:  error : Cannot unshare mount namespace: Operation not permitted [code=1 int1=-1]

Version-Release number of selected component (if applicable):

libvirt 3.0.0 rc2

How reproducible:


Steps to Reproduce:
1. Install libvirt 3.0.0 rc2
2. Run libguestfs-test-tool.

Comment 1 Richard W.M. Jones 2017-01-17 10:30:14 UTC
Created attachment 1241660 [details]
log file

Comment 2 Richard W.M. Jones 2017-01-17 10:33:50 UTC
Created attachment 1241662 [details]

Log from libvirtd.  Note that it doesn't correspond to the same
session as the client-side log posted in the previous comment.

Comment 3 Richard W.M. Jones 2017-01-17 11:26:14 UTC
I added the following patch/hack to libvirt which fixes it:

diff --git a/src/util/virprocess.c b/src/util/virprocess.c
index f5c7ebb..ef3ed26 100644
--- a/src/util/virprocess.c
+++ b/src/util/virprocess.c
@@ -1155,6 +1155,7 @@ virProcessSetupPrivateMountNS(void)
     int ret = -1;
+#if 0
     if (unshare(CLONE_NEWNS) < 0) {
         virReportSystemError(errno, "%s",
                              _("Cannot unshare mount namespace"));
@@ -1166,9 +1167,12 @@ virProcessSetupPrivateMountNS(void)
                              _("Failed to switch root mount into slave mode"));
         goto cleanup;
     ret = 0;
+#if 0
     return ret;

Comment 4 Michal Privoznik 2017-01-17 11:33:08 UTC


Comment 5 Michal Privoznik 2017-01-17 12:25:34 UTC
I've pushed the patch upstream:

commit d0baf54e53faa544cc41abe8353ee3dce0b0861a
Author:     Michal Privoznik <mprivozn@redhat.com>
AuthorDate: Tue Jan 17 12:15:16 2017 +0100
Commit:     Michal Privoznik <mprivozn@redhat.com>
CommitDate: Tue Jan 17 13:23:56 2017 +0100

    qemu: Actually unshare() iff running as root
    While all the code that deals with qemu namespaces correctly
    detects whether we are running as root (and turn into NO-OP for
    qemu:///session) the actual unshare() call is not guarded with
    such check. Therefore any attempt to start a domain under
    qemu:///session shall fail as unshare() is reserved for root.
    The fix consists of moving unshare() call (for which we have a
    wrapper called virProcessSetupPrivateMountNS) into
    qemuDomainBuildNamespace() where the proper check is performed.
    Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
    Tested-by: Richard W.M. Jones <rjones@redhat.com>


Note You need to log in before you can comment on or make changes to this bug.