apparmor errors when using qcow2 image with backing_file

Bug #544435 reported by Scott Moser
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
libvirt (Ubuntu)
New
Undecided
Unassigned

Bug Description

I am trying to start a libvirt domain using xml containing :
        <disk type='file'>
            <source file='/home/ubuntu/test2-image/disk'/>
            <target dev='sda'/>
        </disk>

I'm launching image with:
$ virsh --connect qemu:///system start test1

Where 'disk' was created with:
$ qemu-img create -f qcow2 -o backing_file=disk.dist disk

$ qemu-img info disk
image: disk
file format: qcow2
virtual size: 3.0G (3273654272 bytes)
disk size: 140K
cluster_size: 65536
backing file: disk.dist (actual path: disk.dist)

it seems that the apparmor profile that is generated for the domain is not allowing access to disk.dist .
I see errors like the following in kern.log:
Mar 22 14:33:26 kearney kernel: [603157.344449] type=1503 audit(1269286406.316:70): operation="open" pid=14067 parent=1 profile="libvirt-b66591be-dfd5-3240-fee6-a26ca1247d8b" requested_mask="::r" denied_mask="::r" fsuid=0 ouid=1000 name="/home/ubuntu/test2-image/disk.dist"

This issue can be workd around by either:
a.) do not use qemu-img backing store images
b.) run virsh with sudo and have both disk and disk.img with root:root ownership.

ProblemType: Bug
Architecture: amd64
Date: Mon Mar 22 14:26:04 2010
DistroRelease: Ubuntu 10.04
Package: libvirt-bin (not installed)
ProcEnviron:
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcVersionSignature: Ubuntu 2.6.32-16.25-server
SourcePackage: libvirt
Uname: Linux 2.6.32-16-server x86_64

Revision history for this message
Scott Moser (smoser) wrote :

attaching the full xml that i used to define the domain

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. This particular bug has already been reported and is a duplicate of bug 470636, so it is being marked as such. Please look at the other bug report to see if there is any missing information that you can provide, or to see if there is a workaround for the bug. Additionally, any further discussion regarding the bug should occur in the other report. Feel free to continue to report any other bugs you may find.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers