Bug 1692035 - libvirt can't start QEMU on rawhide: -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny: failed to install seccomp syscall filter in the kernel
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: libvirt
Version: rawhide
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Libvirt Maintainers
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: TRACKER-bugs-affecting-libguestfs
Reported: 2019-03-23 14:33 UTC by Richard W.M. Jones
Modified: 2019-03-25 12:52 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-03-25 12:52:30 UTC
Type: Bug


Attachments:
Full log (9.70 KB, text/plain), 2019-03-23 14:34 UTC, Richard W.M. Jones

Description Richard W.M. Jones 2019-03-23 14:33:48 UTC
Description of problem:

libguestfs cannot create an appliance through libvirt.  It fails with:

$ libguestfs-test-tool
[...]
Original error from libvirt: internal error: process exited while connecting to monitor: 2019-03-23T14:31:27.986230Z qemu-system-x86_64: -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny: failed to install seccomp syscall filter in the kernel [code=1 int1=-1]

Version-Release number of selected component (if applicable):

kernel 5.1.0-0.rc1.git2.2.fc31.x86_64
libvirt-5.1.0-3.fc31.x86_64
qemu-4.0.0-0.2.rc0.fc31.x86_64

How reproducible:

100%

Steps to Reproduce:
1. Run libguestfs-test-tool

Comment 1 Richard W.M. Jones 2019-03-23 14:34:27 UTC
Created attachment 1547277
Full log

Comment 2 Daniel Berrangé 2019-03-25 12:34:41 UTC
(In reply to Richard W.M. Jones from comment #0)
> Description of problem:
> 
> libguestfs cannot create an appliance through libvirt.  It fails with:
> 
> $ libguestfs-test-tool
> [...]
> Original error from libvirt: internal error: process exited while connecting
> to monitor: 2019-03-23T14:31:27.986230Z qemu-system-x86_64: -sandbox
> on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny:
> failed to install seccomp syscall filter in the kernel [code=1 int1=-1]
> 
> Version-Release number of selected component (if applicable):
> 
> kernel 5.1.0-0.rc1.git2.2.fc31.x86_64
> libvirt-5.1.0-3.fc31.x86_64
> qemu-4.0.0-0.2.rc0.fc31.x86_64

Are you sure about this kernel version? I can only get a kernel-5.1.0-0.rc1.git2.1.fc31 from rawhide - koji doesn't show any git2.2 build.

I couldn't reproduce in the git2.1 build when trying to boot a plain guest via libvirt.

Comment 3 Daniel Berrangé 2019-03-25 12:38:49 UTC
BTW, are there any AVCs from SELinux when this happens?

Comment 4 Richard W.M. Jones 2019-03-25 12:52:30 UTC
Thanks for looking at this.  This has now "fixed itself" after I upgraded everything to
Rawhide (i.e. after dnf update --best) + a reboot, so I guess this is NOTABUG.

I'm going to close this but if it reoccurs in future will reopen with the additional
information you requested.

