Ubuntu
libvirt package

  1. Bug #1517539
  2. Comment #3

Comment 3 for bug 1517539

Revision history for this message
John Curran (curran736) wrote : Re: Libvirt can not create snapshot

Seeing this bug in openstack as well using libvirt-bin 1.2.16.

Using openstack, from nova-compute.log :

ERROR oslo_messaging.rpc.dispatcher if ret == -1: raise libvirtError ('virDomainManagedSave() failed', dom=self)
libvirtError: internal error: cannot update AppArmor profile 'libvirt-7f10dbb6-b650-4bc5-aaaa-b6e47bb099c1'

Using `sudo aa-audit /usr/sbin/libvirtd` we then see in /var/log/libvirt/libvirtd.log :

2015-12-21 17:21:33.253+0000: 25832: error : virCommandWait:2552 : internal error: Child process (/usr/lib/libvirt/virt-aa-helper -p 0 -r -u libvirt-7f10dbb6-b650-4bc5-aaaa-b6e47bb099c1 -F /var/lib/libvirt/qemu/save/instance-000000a0.save) unexpected exit status 1: virt-aa-helper: error: /var/lib/libvirt/qemu/org.qemu.guest_agent.0.instance-000000a0.sock
virt-aa-helper: error: skipped restricted file
virt-aa-helper: error: invalid VM definition
2015-12-21 17:21:33.253+0000: 25832: error : reload_profile:296 : internal error: cannot update AppArmor profile 'libvirt-7f10dbb6-b650-4bc5-aaaa-b6e47bb099c1'

usr.sbin.libvirtd already has :

  # allow changing to our UUID-based named profiles
  change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,