Comment 15 for bug 1845506

Created attachment 1609257
Domain file

Description of problem:
Creating a domain with multiple disks and trying to take an disk-only snapshot with external disk overlay fails with the error "Could not create file: Permission denied"

Version-Release number of selected component (if applicable):
Tested on 4.0.0, 5.0.0 and master (648c11c04cf1d45f37f4662ffb7952611ddb458c)

How reproducible:
Create a new domain for qemu with 2 disk connected. (dumpxml of my domain as attachemnt)

Steps to Reproduce:
1. snapshot-create-as --domain ubuntu18.04 --disk-only --atomic --diskspec vda,file=/var/lib/libvirt/images/ubuntu18.04-overlay.qcow2,snapshot=external --diskspec vdb,file=/var/lib/libvirt/images/ubuntu18.04-1-overlay.qcow2,snapshot=external

Actual results:
error: internal error: unable to execute QEMU command 'transaction': Could not create file: Permission denied

Expected results:
Domain snapshot 1567058757 created

Additional info:
When manually adding the path to vda overlay file in /etc/apparmor.d/libvirt/libvirt-a955728a-ac8f-4fcb-8bea-3e12fca826a7 as:
  "/var/lib/libvirt/images/ubuntu18.04-overlay.qcow2" rwk,

It works to take snapshot for both disk. So it looks like the apparmor is only updated with the last disk