For the latter SRU I summarized the testing procedure:
Note: This can but does not have to be tested in nested virtualization (Since we need to change the kernel it is probably the preferred way to do it in nested, so this is what I describe)
1. Get a KVM guest with the Release to test (Cosmic as an example) and give it a size to be able to host a nested guest
$ sudo apt install uvtool-libvirt
$ uvt-simplestreams-libvirt --verbose sync --source http://cloud-images.ubuntu.com/daily arch=amd64 release=cosmic label=daily
$ uvt-kvm create --cpu 8 --memory 4096 --password ubuntu c-nested-kvm-4.18 arch=amd64 release=cosmic label=daily
$ uvt-kvm ssh c-nested-kvm-4.18
2. In the guest set up another guest
$ uvt-kvm ssh c-nested-kvm-4.18
$ uvt-simplestreams-libvirt --verbose sync --source http://cloud-images.ubuntu.com/daily arch=amd64 release=cosmic label=daily
$ uvt-kvm create --password ubuntu c-nested-guest arch=amd64 release=cosmic label=daily
$ sudo apt install uvtool-libvirt
3. The above will work, now get a kernel >=4.18 e.g. the mainline kernels at https://wiki.ubuntu.com/Kernel/MainlineBuilds
$ wget (link of the day)
$ sudo dpkg -i *.deb
4. reboot into the 4.18 kernel
$ sudo reboot
5. Start the guest again
$ virsh start c-nested-guest
Without fix this will fail like:
error: Failed to start domain c-nested-guest
error: internal error: child reported: Kernel does not provide mount namespace: Permission denied
And an associated Dmesg/Apparmor entry:
[ 519.529760] audit: type=1400 audit(1535364820.976:27): apparmor="DENIED" operation="ptrace" profile="/usr/sbin/libvirtd" pid=1692 comm="libvirtd" requested_mask="read" denied_mask="read" peer="libvirt-4ae5dbbe-641c-4934-ae7c-956bcc8b9e2f"
6. In the guest update from PPA/Proposed that you want to test to bring in the libvirt package with the updated rules (Example with the PPA).
$ sudo add-apt-repository ppa:ci-train-ppa-service/3381
$ sudo apt upgrade
7. Start the guest again and it will now work
$ virsh start c-nested-guest
Tested against Kernel 4.18 from mainline builds: kernel. ubuntu. com/~kernel- ppa/mainline/ v4.18/linux- image-unsigned- 4.18.0- 041800- generic_ 4.18.0- 041800. 201808122131_ amd64.deb
http://
For the latter SRU I summarized the testing procedure: ms-libvirt --verbose sync --source http:// cloud-images. ubuntu. com/daily arch=amd64 release=cosmic label=daily ms-libvirt --verbose sync --source http:// cloud-images. ubuntu. com/daily arch=amd64 release=cosmic label=daily /wiki.ubuntu. com/Kernel/ MainlineBuilds
Note: This can but does not have to be tested in nested virtualization (Since we need to change the kernel it is probably the preferred way to do it in nested, so this is what I describe)
1. Get a KVM guest with the Release to test (Cosmic as an example) and give it a size to be able to host a nested guest
$ sudo apt install uvtool-libvirt
$ uvt-simplestrea
$ uvt-kvm create --cpu 8 --memory 4096 --password ubuntu c-nested-kvm-4.18 arch=amd64 release=cosmic label=daily
$ uvt-kvm ssh c-nested-kvm-4.18
2. In the guest set up another guest
$ uvt-kvm ssh c-nested-kvm-4.18
$ uvt-simplestrea
$ uvt-kvm create --password ubuntu c-nested-guest arch=amd64 release=cosmic label=daily
$ sudo apt install uvtool-libvirt
3. The above will work, now get a kernel >=4.18 e.g. the mainline kernels at
https:/
$ wget (link of the day)
$ sudo dpkg -i *.deb
4. reboot into the 4.18 kernel
$ sudo reboot
5. Start the guest again
$ virsh start c-nested-guest
Without fix this will fail like:
error: Failed to start domain c-nested-guest
error: internal error: child reported: Kernel does not provide mount namespace: Permission denied
And an associated Dmesg/Apparmor entry: 0.976:27) : apparmor="DENIED" operation="ptrace" profile= "/usr/sbin/ libvirtd" pid=1692 comm="libvirtd" requested_ mask="read" denied_mask="read" peer="libvirt- 4ae5dbbe- 641c-4934- ae7c-956bcc8b9e 2f"
[ 519.529760] audit: type=1400 audit(153536482
6. In the guest update from PPA/Proposed that you want to test to bring in the libvirt package with the updated rules (Example with the PPA). train-ppa- service/ 3381
$ sudo add-apt-repository ppa:ci-
$ sudo apt upgrade
7. Start the guest again and it will now work
$ virsh start c-nested-guest