Note: This bug is displayed in read-only format because
the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Simple qemu command for this issue:
# /usr/libexec/qemu-kvm -sandbox on -monitor stdio
qemu-kvm: -sandbox on: failed to install seccomp syscall filter in the kernel
# /usr/libexec/qemu-kvm -sandbox off -monitor stdio
QEMU 2.12.0 monitor - type 'help' for more information
(qemu) VNC server running on ::1:5900
I'm not able to reproduce this issue:
[root@virtlab503 ~]# rpm -qa | egrep "libvirt-4|qemu-kvm-2|kernel-4"
kernel-4.18.0-100.el8.x86_64
kernel-4.18.0-104.el8.x86_64
libvirt-4.5.0-24.module+el8.1.0+3205+41ff0a42.x86_64
qemu-kvm-2.12.0-76.module+el8.1.0+3351+d11c20fa.x86_64
[root@virtlab503 ~]# uname -r
4.18.0-104.el8.x86_64
[root@virtlab503 ~]# rpm -qa | grep qemu-kvm
qemu-kvm-block-curl-2.12.0-76.module+el8.1.0+3351+d11c20fa.x86_64
qemu-kvm-common-2.12.0-76.module+el8.1.0+3351+d11c20fa.x86_64
qemu-kvm-block-iscsi-2.12.0-76.module+el8.1.0+3351+d11c20fa.x86_64
qemu-kvm-core-2.12.0-76.module+el8.1.0+3351+d11c20fa.x86_64
qemu-kvm-block-rbd-2.12.0-76.module+el8.1.0+3351+d11c20fa.x86_64
qemu-kvm-block-ssh-2.12.0-76.module+el8.1.0+3351+d11c20fa.x86_64
qemu-kvm-block-gluster-2.12.0-76.module+el8.1.0+3351+d11c20fa.x86_64
qemu-kvm-2.12.0-76.module+el8.1.0+3351+d11c20fa.x86_64
[root@virtlab503 ~]# /usr/libexec/qemu-kvm -sandbox on -monitor stdio
QEMU 2.12.0 monitor - type 'help' for more information
(qemu) VNC server running on ::1:5900
[root@virtlab503 ~]# /usr/libexec/qemu-kvm -sandbox off -monitor stdio
QEMU 2.12.0 monitor - type 'help' for more information
(qemu) VNC server running on ::1:5900
Also, I tried to import the VM definition from the report (with a nightly image [1]):
[root@virtlab503 ~]# virsh create /tmp/vm.xml
setlocale: No such file or directory
Domain r8 created from /tmp/vm.xml
[root@virtlab503 ~]# virsh domstate r8
setlocale: No such file or directory
running
[root@virtlab503 ~]# virsh domifaddr r8
setlocale: No such file or directory
Name MAC address Protocol Address
-------------------------------------------------------------------------------
vnet0 52:54:00:df:11:61 ipv4 192.168.122.57/24
I tested with a nested environment and in a beaker host.
Same result in both (but I didn't set a vm in the nested environment)
Some considerations:
kernel-4.18.0-100.el8.x86_64 doesn't seem to be in any nightly repository today. I had to download and manually install it.
Even with that Kernel, I wasn't able to reproduce it with qemu-kvm-core-2.12.0-76.
Perhaps there's something more that the reporter did?
[1] http://download.devel.redhat.com/nightly/latest-RHEL-8/compose/BaseOS/x86_64/images/rhel-guest-image-8.1-84.x86_64.qcow2
Host tree we use: RHEL-8.1.0-20190604.7
qemu: qemu-kvm-2.12.0-76.module+el8.1.0+3351+d11c20fa.x86_64
libseccomp : libseccomp-2.3.3-3.el8
Test with same qemu version, update libseccomp to: libseccomp-2.4.1-1.el8.x86_64, work well.
Comment 12Marc-Andre Lureau
2019-06-13 11:27:22 UTC
(In reply to Marc-Andre Lureau from comment #12)
> (fwiw, libseccomp 2.4 is bug 1602006)
Sorry, I'm packaged with some urgent last-minute-before-release-and-pto.
Can you send a patch bumping it to 2.4?
Comment 14Marc-Andre Lureau
2019-06-13 15:42:24 UTC
I sent:
[RHEL-8.1.0 qemu-kvm PATCH] qemu-kvm.spec: bump libseccomp >= 2.4.0
for some reason, the bug status isn't updated this time.
Reproduce with qemu-kvm-core-2.12.0-76.module+el8.1.0+3351+d11c20fa.x86_64 + libseccomp-2.3.3-3.el8.x86_64.
Cannot reproduce with qemu-kvm-core-2.12.0-77.module+el8.1.0+3382+49219945.x86_64 + libseccomp-2.4.1-1.el8.x86_64
So VERIFIED.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHSA-2019:3345
description: VM failed to start with error "failed to install seccomp syscall filter in the kernel" versions: [root@jslave-libvirt-rhel-8 images]# rpm -qa | egrep "libvirt-4|qemu-kvm-2|kernel-4" kernel-4.18.0-104.el8.x86_64 libvirt-4.5.0-24.module+el8.1.0+3205+41ff0a42.x86_64 qemu-kvm-2.12.0-76.module+el8.1.0+3351+d11c20fa.x86_64 python3-libvirt-4.5.0-1.module+el8.1.0+2983+b2ae9c0a.x86_64 kernel-4.18.0-100.el8.x86_64 how reproducible: 100% key words: REGRESSION not reproduced with qemu-kvm-2.12.0-75.module+el8.1.0+3252+aa5f0857.x86_64 steps: 1. vm can be started with previous version: [root@jslave-libvirt-rhel-8 images]# rpm -qa | grep qemu-kvm qemu-kvm-block-ssh-2.12.0-75.module+el8.1.0+3252+aa5f0857.x86_64 qemu-kvm-block-gluster-2.12.0-75.module+el8.1.0+3252+aa5f0857.x86_64 qemu-kvm-core-2.12.0-75.module+el8.1.0+3252+aa5f0857.x86_64 qemu-kvm-common-2.12.0-75.module+el8.1.0+3252+aa5f0857.x86_64 qemu-kvm-block-rbd-2.12.0-75.module+el8.1.0+3252+aa5f0857.x86_64 qemu-kvm-2.12.0-75.module+el8.1.0+3252+aa5f0857.x86_64 qemu-kvm-block-curl-2.12.0-75.module+el8.1.0+3252+aa5f0857.x86_64 qemu-kvm-block-iscsi-2.12.0-75.module+el8.1.0+3252+aa5f0857.x86_64 [root@jslave-libvirt-rhel-8 images]# virsh start r8 Domain r8 started 2. after qemu-kvm updated, failed to start: [root@jslave-libvirt-rhel-8 images]# yum update qemu-kvm ... ... [root@jslave-libvirt-rhel-8 images]# rpm -qa | grep qemu-kvm qemu-kvm-block-rbd-2.12.0-76.module+el8.1.0+3351+d11c20fa.x86_64 qemu-kvm-block-curl-2.12.0-76.module+el8.1.0+3351+d11c20fa.x86_64 qemu-kvm-block-iscsi-2.12.0-76.module+el8.1.0+3351+d11c20fa.x86_64 qemu-kvm-core-2.12.0-76.module+el8.1.0+3351+d11c20fa.x86_64 qemu-kvm-common-2.12.0-76.module+el8.1.0+3351+d11c20fa.x86_64 qemu-kvm-2.12.0-76.module+el8.1.0+3351+d11c20fa.x86_64 qemu-kvm-block-ssh-2.12.0-76.module+el8.1.0+3351+d11c20fa.x86_64 qemu-kvm-block-gluster-2.12.0-76.module+el8.1.0+3351+d11c20fa.x86_64 [root@jslave-libvirt-rhel-8 images]# virsh destroy r8 Domain r8 destroyed [root@jslave-libvirt-rhel-8 images]# virsh start r8 error: Failed to start domain r8 error: internal error: process exited while connecting to monitor: 2019-06-12T07:51:14.183561Z qemu-kvm: -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny: failed to install seccomp syscall filter in the kernel 3. vm's xml as follow: [root@jslave-libvirt-rhel-8 images]# virsh dumpxml r8 <domain type='kvm'> <name>r8</name> <uuid>75464011-67be-4231-90d5-67a9c9f35c5c</uuid> <memory unit='KiB'>4194304</memory> <currentMemory unit='KiB'>4194304</currentMemory> <vcpu placement='static'>1</vcpu> <os> <type arch='x86_64' machine='pc-i440fx-rhel7.6.0'>hvm</type> <boot dev='hd'/> </os> <features> <acpi/> <apic/> <vmport state='off'/> </features> <cpu mode='host-model' check='partial'> <model fallback='allow'/> </cpu> <clock offset='utc'> <timer name='rtc' tickpolicy='catchup'/> <timer name='pit' tickpolicy='delay'/> <timer name='hpet' present='no'/> </clock> <on_poweroff>destroy</on_poweroff> <on_reboot>restart</on_reboot> <on_crash>destroy</on_crash> <pm> <suspend-to-mem enabled='no'/> <suspend-to-disk enabled='no'/> </pm> <devices> <emulator>/usr/libexec/qemu-kvm</emulator> <disk type='file' device='disk'> <driver name='qemu' type='qcow2'/> <source file='/var/lib/libvirt/images/rhel8.img'/> <target dev='hda' bus='ide'/> <address type='drive' controller='0' bus='0' target='0' unit='0'/> </disk> <controller type='usb' index='0' model='ich9-ehci1'> <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x7'/> </controller> <controller type='usb' index='0' model='ich9-uhci1'> <master startport='0'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0' multifunction='on'/> </controller> <controller type='usb' index='0' model='ich9-uhci2'> <master startport='2'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x1'/> </controller> <controller type='usb' index='0' model='ich9-uhci3'> <master startport='4'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x2'/> </controller> <controller type='pci' index='0' model='pci-root'/> <controller type='ide' index='0'> <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/> </controller> <interface type='network'> <mac address='52:54:00:df:11:61'/> <source network='default'/> <model type='e1000'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/> </interface> <serial type='pty'> <target type='isa-serial' port='0'> <model name='isa-serial'/> </target> </serial> <console type='pty'> <target type='serial' port='0'/> </console> <input type='tablet' bus='usb'> <address type='usb' bus='0' port='1'/> </input> <input type='mouse' bus='ps2'/> <input type='keyboard' bus='ps2'/> <graphics type='spice' autoport='yes'> <listen type='address'/> <image compression='off'/> </graphics> <sound model='ich6'> <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/> </sound> <video> <model type='qxl' ram='65536' vram='65536' vgamem='16384' heads='1' primary='yes'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/> </video> <redirdev bus='usb' type='spicevmc'> <address type='usb' bus='0' port='2'/> </redirdev> <redirdev bus='usb' type='spicevmc'> <address type='usb' bus='0' port='3'/> </redirdev> <memballoon model='virtio'> <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/> </memballoon> </devices> </domain> expected result: vm should start without error.