Comment 6 for bug 1248577

Serge Hallyn (serge-hallyn) wrote : Re: [Bug 1248577] [NEW] libvirt with securty_driver="apparmor" (default settings) cannot do live blockcopy of devices due to permission denied error

Interestingly, /etc/apparmor.d/libvirt/libvirt-$uuid.files does have an
entry allowing rw to the destination path:

  "/mnt/x/x.qcow2" rw,

but still I get

Nov 6 21:29:47 kvm-s1 kernel: [ 1432.501141] type=1400 audit(1383769787.515:60): apparmor="STATUS" operation="profile_replace" parent=1382 profile="unconfined" name="libvirt-5d349701-09af-42be-b1b4-ef4b31de5792" pid=1383 comm="apparmor_parser"
Nov 6 21:29:47 kvm-s1 kernel: [ 1432.502753] type=1400 audit(1383769787.515:61): apparmor="DENIED" operation="open" parent=1 profile="libvirt-5d349701-09af-42be-b1b4-ef4b31de5792" name="/mnt/x/x.qcow2" pid=1285 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=107 ouid=107
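
A triage helper for the mismatch reported above, added here as an example (it is not part of the original comment or of libvirt): it parses AppArmor audit records and checks each DENIED path against the literal entries of a libvirt-$uuid.files style rule list. The profile name `libvirt-EXAMPLE`, the function names, and the sample input are constructed; glob rules are assumed out of scope and skipped.

```python
import re

# Constructed sample input, shaped like the rule and audit records quoted above.
RULES = '"/mnt/x/x.qcow2" rw,\n'
LOG = (
    'type=1400 audit(1383769787.515:60): apparmor="STATUS" operation="profile_replace" '
    'profile="unconfined" name="libvirt-EXAMPLE" pid=1383 comm="apparmor_parser"\n'
    'type=1400 audit(1383769787.515:61): apparmor="DENIED" operation="open" '
    'profile="libvirt-EXAMPLE" name="/mnt/x/x.qcow2" pid=1285 comm="qemu-system-x86" '
    'requested_mask="r" denied_mask="r" fsuid=107 ouid=107\n'
)

AUDIT_ID = re.compile(r'audit\((\d+\.\d+):(\d+)\)')
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
RULE = re.compile(r'^\s*"([^"]+)"\s+([a-zA-Z]+),\s*$')

def parse_rules(text):
    """Map literal path -> set of permission letters (glob rules are skipped)."""
    rules = {}
    for line in text.splitlines():
        m = RULE.match(line)
        if m and not any(c in m.group(1) for c in '*?[{'):
            rules.setdefault(m.group(1), set()).update(m.group(2))
    return rules

def parse_audit(line):
    """Return the record's key=value fields plus its audit serial, or None."""
    m = AUDIT_ID.search(line)
    if not m:
        return None
    rec = {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}
    rec['serial'] = int(m.group(2))
    return rec

def triage(rules_text, log_text):
    """For each DENIED record, report whether the on-disk rules already allow it."""
    rules, last_replace, findings = parse_rules(rules_text), {}, []
    for rec in filter(None, map(parse_audit, log_text.splitlines())):
        if rec.get('operation') == 'profile_replace':
            last_replace[rec['name']] = rec['serial']  # profile name -> serial
        elif rec.get('apparmor') == 'DENIED':
            denied = set(rec.get('denied_mask', ''))
            findings.append({
                'path': rec['name'], 'denied': ''.join(sorted(denied)),
                'rule_covers': denied <= rules.get(rec['name'], set()),
                'after_replace': last_replace.get(rec['profile'], rec['serial']) < rec['serial'],
            })
    return findings
```

A finding with `rule_covers` set to True on a DENIED record means the rules file on disk and the policy enforced on the process at that moment disagree; `after_replace` records whether the denial was logged after a `profile_replace` for the same profile.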