That long filename is the (readonly) backing file for the root disk.
sudo qemu-img info docker.qcow
image: docker.qcow
file format: qcow2
virtual size: 30G (32212254720 bytes)
disk size: 7.0G
cluster_size: 65536
backing file: /var/lib/uvtool/libvirt/images/x-uvt-b64-Y29tLnVidW50dS5jbG91ZDpzZXJ2ZXI6MTYuMDQ6YW1kNjQgMjAxNjAxMjU=
backing file format: qcow2
Format specific information:
compat: 0.10
refcount bits: 16
So it would seem we could consider this (a) a bug in qemu for requiring write access to a readonly backing file, or (b) a bug in libvirt for denying that write access.
strace shows:
5082 open("/ var/lib/ uvtool/ libvirt/ images/ x-uvt-b64- Y29tLnVidW50dS5 jbG91ZDpzZXJ2ZX I6MTYuMDQ6YW1kN jQgMjAxNjAxMjU= ", O_RDWR|O_CLOEXEC) = -1 EACCES (Permission denied)
The apparmor profile (libvirt- uuid.files) includes:
"/var/ lib/uvtool/ libvirt/ images/ x-uvt-b64- Y29tLnVidW50dS5 jbG91ZDpzZXJ2ZX I6MTYuMDQ6YW1kN jQgMjAxNjAxMjU= " r, uvtool/ libvirt/ images/ x-uvt-b64- Y29tLnVidW50dS5 jbG91ZDpzZXJ2ZX I6MTYuMDQ6YW1kN jQgMjAxNjAxMjU= " w, lib/uvtool/ libvirt/ images/ docker- ds.qcow" rw, lib/uvtool/ libvirt/ images/ x-uvt-b64- Y29tLnVidW50dS5 jbG91ZDpzZXJ2ZX I6MTYuMDQ6YW1kN jQgMjAxNjAxMjU= " rw,
# don't audit writes to readonly files
deny "/var/lib/
"/var/
/dev/vhost-net rw,
"/var/
That long filename is the (readonly) backing file for the root disk.
sudo qemu-img info docker.qcow uvtool/ libvirt/ images/ x-uvt-b64- Y29tLnVidW50dS5 jbG91ZDpzZXJ2ZX I6MTYuMDQ6YW1kN jQgMjAxNjAxMjU=
image: docker.qcow
file format: qcow2
virtual size: 30G (32212254720 bytes)
disk size: 7.0G
cluster_size: 65536
backing file: /var/lib/
backing file format: qcow2
Format specific information:
compat: 0.10
refcount bits: 16
So it would seem we could consider this (a) a bug in qemu for requiring write access to a readonly backing file, or (b) a bug in libvirt for denying that write access.