Ubuntu
libvirt package

virsh save doesn't work for vm with hdd image in non-default location, AppArmor-related error

Bug #1531703 reported by RussianNeuroMancer
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
libvirt (Ubuntu)
Expired
Undecided
Unassigned

Bug Description

virsh save does work for vm located in /var/lib/libvirt/images, but doesn't work for vm located for example in /mnt/storage/data/limages
Error message:
~$ LANG=C virsh save owncloud /mnt/storage/data/images/owncloud.dump
error: Failed to save domain owncloud to /mnt/storage/data/images/owncloud.dump
error: внутренняя ошибка: не удалось обновить профиль AppArmor «libvirt-b9f02241-f8a7-4c11-86de-5eccbdff6511»

Translation:
error: internal error: unable to update AppArmor profile «libvirt-b9f02241-f8a7-4c11-86de-5eccbdff6511»

I tried to dumpxml and then define it again from xml, but that doesn't help.
Ubuntu Server 15.10.

RussianNeuroMancer (russianneuromancer)
affects: apparmor → apparmor (Ubuntu)
Revision history for this message
Serge Hallyn (serge-hallyn) wrote :

Thanks for reporting this bug. I can't reproduce it here:

0 ✓ serge@sl ~ $ virsh start docker
Domain docker started
0 ✓ serge@sl ~ $ virsh save docker /mnt/docker.dmp

Domain docker saved to /mnt/docker.dmp

Same happened on a 15.10 host.

Can you append your full xml?

Normally the apparmor profile messages happen when there is a pathname which confuses virt-aa-helper or libvirt.

Changed in libvirt (Ubuntu):
status: New → Incomplete
Revision history for this message
RussianNeuroMancer (russianneuromancer) wrote :

This particular VM is removed now (guest moved to nspawn container) but I find xml in host btrfs snapshots.

Changed in libvirt (Ubuntu):
status: Incomplete → New
Revision history for this message
Serge Hallyn (serge-hallyn) wrote :

Thanks, nothing looks out of the ordinary there. Just to make sure, does

realpath /mnt/storage/data/images/owncloud.qcow2

show something different than the original path? (I.e. could a path element there be a symlink into one of the restricted paths?)

Revision history for this message
RussianNeuroMancer (russianneuromancer) wrote :

> show something different than the original path?
No, only path that represent current image location (inside btrfs snapshot).

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in apparmor (Ubuntu):
status: New → Confirmed
Changed in libvirt (Ubuntu):
status: New → Confirmed
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Sorry this has been dormant for way too long, but I can still not reproduce as Serge couldn't back then. To properly reflect that I'm setting incomplete for now.

You could try to check what /usr/lib/libvirt/virt-aa-helper does with your XML.
Maybe it fails to process it or generates content in your case that libvirt won't accept?

Changed in libvirt (Ubuntu):
status: Confirmed → Incomplete
Christian Ehrhardt  (paelzer)
no longer affects: apparmor (Ubuntu)
Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for libvirt (Ubuntu) because there has been no activity for 60 days.]

Changed in libvirt (Ubuntu):
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Bug attachments

Remote bug watches

Bug watches keep track of this bug in other bug trackers.