control: forwarded -1 https://www.redhat.com/archives/libvir-list/2017-September/msg00457.html
Hi, On Mon, Sep 18, 2017 at 09:33:45AM +0200, intrig...@debian.org wrote: > Package: libvirt-daemon-system > Version: 3.7.0-2 > Severity: normal > > Hi, > > since some fairly recent sid upgrade, my VMs don't get network > anymore and my logs contain lots of: > > kernel: audit: type=1400 audit(1505719435.761:27425226): apparmor="DENIED" > operation="file_perm" info="Failed name lookup - disconnected path" error=-13 > profile="libvirt-213ff882-ce4b-035d-e2b1-9059d66cd67d" name="dev/net/tun" > pid=25947 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=119 > ouid=0 > > I've tried passing flags=(attach_disconnected) in > /etc/apparmor.d/libvirt/TEMPLATE.qemu but that did not fix the bug for > some reason, so I've reverted this change. I saw the same on Friday and used the patch reference above (which basically does the same, you were on cc: ;)… > > My current workaround is to disable private mount namespaces in > /etc/libvirt/qemu.conf: > > namespaces = [ ] > > FWIW the network these VMs are connected to looks like: > > <network connections='1'> > <name>routed</name> > <uuid>054fadcc-23da-4014-94e7-cdde77924045</uuid> > <forward mode='route'/> > <bridge name='vmz0' stp='on' delay='0'/> > […] > </network> … however I'm using <interface type='network'> <mac address='52:54:00:75:44:c0'/> <source network='default'/> <model type='rtl8139'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/> </interface> Should that make a difference? Did you check if the vm profile did get recreated correclt? Cheers, -- Guido > > Cheers! > > -- System Information: > Debian Release: buster/sid > APT prefers unstable > APT policy: (990, 'unstable'), (500, 'stable-updates'), (500, > 'oldstable-updates'), (500, 'testing'), (500, 'stable'), (500, 'oldstable'), > (1, 'experimental') > Architecture: amd64 (x86_64) > > Kernel: Linux 4.12.0-2-amd64 (SMP w/4 CPU cores) > Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), > LANGUAGE=en_US.UTF-8 (charmap=UTF-8) > Shell: /bin/sh linked to /usr/bin/dash > Init: systemd (via /run/systemd/system) > > Versions of packages libvirt-daemon-system depends on: > ii adduser 3.116 > ii debconf 1.5.63 > ii gettext-base 0.19.8.1-4 > ii init-system-helpers 1.49 > ii iptables 1.6.1-2 > ii libacl1 2.2.52-3+b1 > ii libapparmor1 2.11.0-10 > ii libaudit1 1:2.7.7-1+b2 > ii libblkid1 2.29.2-5 > ii libc6 2.24-17 > ii libcap-ng0 0.7.7-3+b1 > ii libdbus-1-3 1.11.16+really1.10.22-1 > ii libdevmapper1.02.1 2:1.02.142-1 > ii libnl-3-200 3.2.27-2 > ii libnl-route-3-200 3.2.27-2 > ii libnuma1 2.0.11-2.1 > ii libselinux1 2.7-2 > ii libvirt-clients 3.7.0-2 > ii libvirt-daemon 3.7.0-2 > ii libvirt0 3.7.0-2 > ii libxml2 2.9.4+dfsg1-4 > ii libyajl2 2.1.0-2+b3 > ii logrotate 3.11.0-0.1 > ii lsb-base 9.20170808 > ii policykit-1 0.105-18 > > Versions of packages libvirt-daemon-system recommends: > ii bridge-utils 1.5-14 > ii dmidecode 3.1-1 > ii dnsmasq-base 2.77-2 > ii ebtables 2.0.10.4-3.5+b1 > ii iproute2 4.9.0-2 > ii parted 3.2-17 > > Versions of packages libvirt-daemon-system suggests: > ii apparmor 2.11.0-10 > pn auditd <none> > ii nfs-common 1:1.3.4-2.1+b1 > ii pm-utils 1.4.1-17 > ii radvd 1:2.16-3 > ii systemd 234-3 > pn systemtap <none> > pn zfsutils <none> > > -- debconf information: > libvirt-daemon-system/id_warning: true > > -- > intrigeri > > _______________________________________________ > Pkg-libvirt-maintainers mailing list > pkg-libvirt-maintain...@lists.alioth.debian.org > http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-libvirt-maintainers