Package: apparmor Version: 2.11.0-11 Severity: serious After the kernel upgrade from 4.12 to 4.13 my KVM/libvirt instances failed to start: Okt 10 19:24:44 pluto libvirtd[673]: 2017-10-10 17:24:44.404+0000: 797: error : virProcessRunInMountNamespace:1159 : internal error: child reported: Kernel does not provide mount namespace: Permission denied
Disabling AppArmor made libvirt work again. There seems to be an incompatibility between the 4.13 kernel and AppArmor. Please reassign if you think this is a bug in the kernel. I've decided to mark this as RC, as breaking KVM is a rather severe regression which needs to be fixed for buster. A quick internet search turns up https://forums.opensuse.org/showthread.php/527394-KVM-guest-will-not-start-with-latest-version-of-kernel and following that https://www.redhat.com/archives/libvir-list/2017-September/msg00546.html Regards, Michael -- System Information: Debian Release: buster/sid APT prefers unstable APT policy: (500, 'unstable'), (200, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.13.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8), LANGUAGE=de_DE.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages apparmor depends on: ii debconf 1.5.63 ii init-system-helpers 1.49 ii libapparmor-perl 2.11.0-11 ii libc6 2.24-17 ii lsb-base 9.20170808 ii python3 3.5.3-3 apparmor recommends no packages. Versions of packages apparmor suggests: ii apparmor-profiles 2.11.0-11 pn apparmor-profiles-extra <none> ii apparmor-utils 2.11.0-11 -- debconf information excluded