On 26.02.2017 18:29, Kyle Peterson wrote:
> libvirt-3.0.0
>
> When attempting to create a virtual machine I receive the error "error : Failed to switch root mount into slave mode: Permission denied".
>
> I’m attempting to run qemu/libvirt/virt-manager in an Arch Linux lxc container on a Ubuntu 16.04 host. The host uses zfs for its containers. The arch container is set up as a privileged container. I do already have kvm/qemu/libvirt working in a Ubuntu container. The reason for the arch container is because I want to try a newer version of qemu/libvirt.
>
> I’m not finding anything on google about this error message. Any way to get around it?

Hey,

with 3.0.0 release qemu domains are started under a namespace too (because of the error message I assume you're trying to start a qemu domain). So far, every domain has its own /dev managed by libvirt. There were two reasons for it:

a) avoid relabelling race with udev
b) enhance security as only configured devices are created in the namespace.

Therefore, when starting new qemu domain, libvirt calls unshare(CLONE_NEWNS) and then tries to remount the root "/" into slave mode so that all mounts from the master (= parent ns) are visible in the namespace but not vice versa.

Since you mention Ubuntu - could it be that it is AppArmor that is denying the operation? Because frankly, I've read some bug reports that AppArmor was denying libvirt to create a new namespace but I'm no AppArmor expert and I don't know how to fix it.

There is a workaround too, just set:

namespaces = []

in qemu.conf, restart libvirtd and you should be all set.

BTW, the 3.1.0-rc1 release is out and it contains a lot of qemu namespace fixes. So you might try that.

Michal
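The two calls described in the reply above, as an added diagnostic example (not part of the original message and not libvirt's own code): run as root inside the container, it shows whether unshare(CLONE_NEWNS) or the slave remount of "/" is the step being denied. The names probe_private_mount_ns and probe_result are hypothetical, and the "" / "none" mount arguments are an assumption (the kernel ignores source and filesystem type for propagation changes).

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical result codes for this example. */
enum probe_result { PROBE_OK, PROBE_UNSHARE_FAILED, PROBE_REMOUNT_FAILED, PROBE_ERROR };

/* Performs both steps in a forked child so the caller's own mount namespace
 * is never changed. *err receives the errno of the failing call, 0 on success. */
enum probe_result probe_private_mount_ns(int *err)
{
    int fds[2], report[2] = { PROBE_OK, 0 };
    if (pipe(fds) < 0) { *err = errno; return PROBE_ERROR; }
    pid_t pid = fork();
    if (pid < 0) { *err = errno; close(fds[0]); close(fds[1]); return PROBE_ERROR; }
    if (pid == 0) {
        close(fds[0]);
        if (unshare(CLONE_NEWNS) < 0) {               /* step 1: new mount namespace */
            report[0] = PROBE_UNSHARE_FAILED; report[1] = errno;
        } else if (mount("", "/", "none", MS_SLAVE | MS_REC, NULL) < 0) {
            report[0] = PROBE_REMOUNT_FAILED; report[1] = errno;  /* step 2: "/" to slave */
        }
        if (write(fds[1], report, sizeof report) != (ssize_t)sizeof report) _exit(1);
        _exit(0);
    }
    close(fds[1]);
    ssize_t n = read(fds[0], report, sizeof report);
    close(fds[0]);
    waitpid(pid, NULL, 0);
    /* A short read means the child died before reporting (e.g. killed by a filter). */
    if (n != (ssize_t)sizeof report) { *err = EIO; return PROBE_ERROR; }
    *err = report[1];
    return (enum probe_result)report[0];
}

int main(void)
{
    static const char *step[] = { "both steps succeeded", "unshare(CLONE_NEWNS) failed",
                                  "remount of / into slave mode failed", "probe itself failed" };
    int err = 0;
    enum probe_result r = probe_private_mount_ns(&err);
    printf("%s%s%s\n", step[r], err ? ": " : "", err ? strerror(err) : "");
    return r;
}
```

If the second step fails with "Permission denied" while the first succeeds, the result matches the error reported in the thread, and the host's audit or kernel log is the place to check for a corresponding denial.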