[Bug 2141663] Re: Can't launch a VM on Ubuntu 26.04 due to the 'sudo-rs' privsep failures

Marcin Wilk 2141663 at bugs.launchpad.net
Tue Feb 24 06:21:19 UTC 2026 

** Also affects: nova (Ubuntu)
   Importance: Undecided
       Status: New

** No longer affects: nova

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to nova in Ubuntu.
https://bugs.launchpad.net/bugs/2141663

Title:
  Can't launch a VM on Ubuntu 26.04 due to the 'sudo-rs' privsep
  failures

Status in nova package in Ubuntu:
  New

Bug description:
  Ubuntu 26.04
  Openstack: 2025.2 (regress stack deployment)
  Nova packages: 3:32.0.0-0ubuntu1

  When trying to launch a VM, I am getting the following error due to
  the 'sudo-rs' failure when executing privsep operation:

  2026-02-12 07:38:47.450 46092 INFO oslo.privsep.daemon [None req-f4806a8a-8283-4230-842c-e7ea6286b2d5 2a72a72a40284ab8bc6494ea5e07dfa4 8aa7a984c69242fcb8ba427074287d92 - - default default] Running privsep helper: ['sudo', 'nova-rootwrap', '/etc/nov
  a/rootwrap.conf', 'privsep-helper', '--config-file', '/etc/nova/nova.conf', '--config-file', '/etc/nova/nova-compute.conf', '--privsep_context', 'nova.privsep.sys_admin_pctxt', '--privsep_sock_path', '/tmp/tmptza5icci/privsep.sock']
  2026-02-12 07:38:47.453 46092 WARNING oslo.privsep.daemon [-] privsep log: sudo-rs: I'm sorry nova. I'm afraid I can't do that
  2026-02-12 07:38:47.461 46092 CRITICAL oslo.privsep.daemon [None req-f4806a8a-8283-4230-842c-e7ea6286b2d5 2a72a72a40284ab8bc6494ea5e07dfa4 8aa7a984c69242fcb8ba427074287d92 - - default default] privsep helper command exited non-zero (1)
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [None req-f4806a8a-8283-4230-842c-e7ea6286b2d5 2a72a72a40284ab8bc6494ea5e07dfa4 8aa7a984c69242fcb8ba427074287d92 - - default default] [instance: b50b7710-626c-4276-89ed-dac586b82e31] Instance
   failed to spawn: oslo_privsep.daemon.FailedToDropPrivileges: privsep helper command exited non-zero (1)
   2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31] Traceback (most recent call last):
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]   File "/usr/lib/python3/dist-packages/nova/compute/manager.py", line 2934, in _build_resources
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]     yield resources
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]   File "/usr/lib/python3/dist-packages/nova/compute/manager.py", line 2681, in _build_and_run_instance
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]     self.driver.spawn(context, instance, image_meta,
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]     ~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]                       injected_files, admin_password,
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]                       allocs, network_info=network_info,
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]                       block_device_info=block_device_info,
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]                       accel_info=accel_info)
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]                       ^^^^^^^^^^^^^^^^^^^^^^
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]   File "/usr/lib/python3/dist-packages/nova/virt/libvirt/driver.py", line 4785, in spawn
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]     created_instance_dir, created_disks = self._create_image(
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]                                           ~~~~~~~~~~~~~~~~~~^
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]             context, instance, disk_info['mapping'],
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]             injection_info=injection_info,
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]             block_device_info=block_device_info)
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]   File "/usr/lib/python3/dist-packages/nova/virt/libvirt/driver.py", line 5203, in _create_image
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]     created_disks = self._create_and_inject_local_root(
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]         context, instance, disk_mapping, booted_from_volume, suffix,
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]         disk_images, injection_info, fallback_from_host)
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]   File "/usr/lib/python3/dist-packages/nova/virt/libvirt/driver.py", line 5332, in _create_and_inject_local_root
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]     self._try_fetch_image_cache(backend, fetch_func, context,
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]     ~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]                                 root_fname, disk_images['image_id'],
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]                                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]                                 instance, size, fallback_from_host)
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]                                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]   File "/usr/lib/python3/dist-packages/nova/virt/libvirt/driver.py", line 11862, in _try_fetch_image_cache
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]     image.cache(fetch_func=fetch_func,
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]     ~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]                 context=context,
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]                 ^^^^^^^^^^^^^^^^
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]     ...<2 lines>...
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]                 size=size,
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]                 ^^^^^^^^^^
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]                 trusted_certs=instance.trusted_certs)
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]   File "/usr/lib/python3/dist-packages/nova/virt/libvirt/imagebackend.py", line 304, in cache
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]     self.create_image(
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]     ~~~~~~~~~~~~~~~~~^
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]         fetch_func_sync, base, size, safe=safe, *args,
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]         **kwargs)
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]         ^^^^^^^^^
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]   File "/usr/lib/python3/dist-packages/nova/virt/libvirt/imagebackend.py", line 704, in create_image
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]     _update_utime_ignore_eacces(base)
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]     ~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]   File "/usr/lib/python3/dist-packages/nova/virt/libvirt/imagebackend.py", line 73, in _update_utime_ignore_eacces
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]     nova.privsep.path.utime(path)
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]     ~~~~~~~~~~~~~~~~~~~~~~~^^^^^^
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]   File "/usr/lib/python3/dist-packages/oslo_privsep/priv_context.py", line 265, in _wrap
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]     self.start()
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]     ~~~~~~~~~~^^
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]   File "/usr/lib/python3/dist-packages/oslo_privsep/priv_context.py", line 279, in start
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]     channel = daemon.RootwrapClientChannel(context=self)
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]   File "/usr/lib/python3/dist-packages/oslo_privsep/daemon.py", line 373, in __init__
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31]     raise FailedToDropPrivileges(msg)
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31] oslo_privsep.daemon.FailedToDropPrivileges: privsep helper command exited non-zero (1)
  2026-02-12 07:38:47.462 46092 ERROR nova.compute.manager [instance: b50b7710-626c-4276-89ed-dac586b82e31] 
  ...
  2026-02-12 07:38:48.103 46092 INFO oslo.privsep.daemon [None req-f4806a8a-8283-4230-842c-e7ea6286b2d5 2a72a72a40284ab8bc6494ea5e07dfa4 8aa7a984c69242fcb8ba427074287d92 - - default default] Running privsep helper: ['sudo', 'nova-rootwrap', '/etc/nova/rootwrap.conf', 'privsep-helper', '--config-file', '/etc/nova/nova.conf', '--config-file', '/etc/nova/nova-compute.conf', '--privsep_context', 'vif_plug_ovs.privsep.vif_plug', '--privsep_sock_path', '/tmp/tmpq2luy6yo/privsep.sock']
  2026-02-12 07:38:48.106 46092 WARNING oslo.privsep.daemon [-] privsep log: sudo-rs: I'm sorry nova. I'm afraid I can't do that

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nova/+bug/2141663/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list