Failed to lock byte 100

Bug #1709818 reported by Christian Ehrhardt  on 2017-08-10
This bug affects 4 people
Affects Status Importance Assigned to Milestone
libvirt (Ubuntu)
qemu (Ubuntu)

Bug Description

With qemu 2.10 image files will be locked on specific bytes for features.

See for more:
(qemu) commit 244a5668106297378391b768e7288eb157616f64
Author: Fam Zheng <email address hidden>
    file-posix: Add image locking to perm operations

That will trigger:
apparmor="DENIED" operation="file_lock" namespace="root//lxd-testkvm-artful-from_<var-lib-lxd>" profile="libvirt-f687a9b3-5bca-41bc-b206-6e616720cc5e" name="/var/lib/uvtool/libvirt/images/kvmguest-artful-normal.qcow" pid=7001 comm="qemu-system-x86" requested_mask="k" denied_mask="k" fsuid=0 ouid=0

Which in turn needs a fix in virt-aa-helper

Qemu is affected and effectively the trigger, but the fix will have to take place in libvirt - so I added a task but set it to won't fix to reflect that.

Changed in qemu (Ubuntu):
status: New → Won't Fix
Changed in libvirt (Ubuntu):
status: New → In Progress
tags: added: libvirt-3.6
tags: removed: libvirt-3.6
Launchpad Janitor (janitor) wrote :
Download full text (9.6 KiB)

This bug was fixed in the package libvirt - 3.6.0-1ubuntu1

libvirt (3.6.0-1ubuntu1) artful; urgency=medium

  * Merged with Debian unstable (3.6)
    This closes several bugs:
    - aarch64: improved chardev handling (LP: #1697610)
    - Forbid locking memory without memtune (LP: #1708305)
  * Remaining changes:
    - Disable sheepdog (universe dependency)
    - Disable libssh2 support (universe dependency)
    - Disable firewalld support (universe dependency)
    - Disable selinux
    - Set qemu-group to kvm (for compat with older ubuntu)
    - Regularly clear AppArmor profiles for vms that no longer exist
    - Additional apport package-hook
    - Modifications to adapt for our delayed switch away from libvirt-bin (can
      be dropped >18.04).
      + d/p/ubuntu/libvirtd-service-add-bin-alias.patch: systemd: define alias
        to old service name so that old references work
      + d/p/ubuntu/libvirtd-init-add-bin-alias.patch: sysv init: define alias
        to old service name so that old references work
      + d/control: transitional package with the old name and maintainer
        scripts to handle the transition
    - Backwards compatible handling of group rename (can be dropped >18.04).
    - config details and autostart of default bridged network. Creating that is
      now the default in general, yet our solution provides the following on
      top as of today:
      + nat only on some ports <port start='1024' end='65535'/>
      + autostart the default network by default
      + do not autostart if is already taken (e.g. in containers)
    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
      the group based access to libvirt functions as it was used in Ubuntu
      for quite long.
      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
        due to the group access change.
    - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
    - d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm
      which provided a separate kvm-spice.
    - d/p/ubuntu/storage-disable-gluster-test: gluster not enabled, skip test
    - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
      section that adapts the path of the emulator to the Debian/Ubuntu
      packaging is kept.
    - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
      set VRAM to minimum requirements
    - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
    - Add libxl log directory
    - Automatically switch default libvirt URI for users on
      Xen dom0 via user profile (was missing on changelogs before)
    - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
      included_files to avoid build failures due to duplicate definitions.
    - Update README.Debian with Ubuntu changes
    - Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch.
    - Enable some additional features on ppc64el and s390x (for arch parity)
      + systemtap, zfs, numa and numad on s390x.
      + systemtap on ppc64el.
    - fix conffile upgrade handling to avoid obsolete files
      and inactive duplica...


Changed in libvirt (Ubuntu):
status: In Progress → Fix Released
tags: added: qemu-file-locking
kvaps (kvapss) wrote :

Affects Artful and Bionic

Here is published fix for qemu:

Hi kvaps, what you reported is a particular discussion on the handling of snapshots.
The bug here was the general introduction of image locking that caused some issues in formerly working cases.

The patch you referred to never made it upstream and that indicates that there was either another solution or it was found that it is actually a config/setup issue.
In fact I have neither found a similar change/title since then in git.

Would you mind filing this as a new Launchpad bug to keep the discussion separate.
There I'd be happy if you could outline steps to reproduce the issue with snapshot usage that formerly worked.

If you happen to find how the discussion continued in another thread please add it there too.

Oleg Krutov (oleg-krutov) wrote :

 I have just faced that bug after upgrade from ubuntu 16.04 to 18.04.1.

 I create VMs with qcow2 volumes backed by physical raw drives. Now it is unable to create VM via virt-install because of "unable to lock byte 100" bug. So, since libvirt version in 18.04.1 is already 4.0.0, is there a regression since 3.6 or what?

 Any working workaround is very appreciated. Can I shut down that locking? I don't need it at all.

Oleg Krutov (oleg-krutov) wrote :

Problem is just in qcow2 backed by physical drives, -- if no backing file of it is just a file then all is ok. So, is it possible to disable locking in such cases?

Oleg Krutov (oleg-krutov) wrote :

"Solved" it. Added "/dev/sd* rk" in /etc/apparmor.d/abstractions/libvirt-qemu.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers