Ubuntu
libvirt package

apparmor errors when using qcow2 image with backing_file

Bug #544435 reported by Scott Moser on 2010-03-22

This bug report is a duplicate of: Bug #470636: AppArmor security driver does not support backingstore. Edit Remove

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	libvirt (Ubuntu)	New	Undecided	Unassigned

Bug Description

I am trying to start a libvirt domain using xml containing :
        <disk type='file'>
            <source file='/home/ubuntu/test2-image/disk'/>
            <target dev='sda'/>
        </disk>

I'm launching image with:
$ virsh --connect qemu:///system start test1

Where 'disk' was created with:
$ qemu-img create -f qcow2 -o backing_file=disk.dist disk

$ qemu-img info disk
image: disk
file format: qcow2
virtual size: 3.0G (3273654272 bytes)
disk size: 140K
cluster_size: 65536
backing file: disk.dist (actual path: disk.dist)

it seems that the apparmor profile that is generated for the domain is not allowing access to disk.dist .
I see errors like the following in kern.log:
Mar 22 14:33:26 kearney kernel: [603157.344449] type=1503 audit(1269286406.316:70): operation="open" pid=14067 parent=1 profile="libvirt-b66591be-dfd5-3240-fee6-a26ca1247d8b" requested_mask="::r" denied_mask="::r" fsuid=0 ouid=1000 name="/home/ubuntu/test2-image/disk.dist"

This issue can be workd around by either:
a.) do not use qemu-img backing store images
b.) run virsh with sudo and have both disk and disk.img with root:root ownership.

ProblemType: Bug
Architecture: amd64
Date: Mon Mar 22 14:26:04 2010
DistroRelease: Ubuntu 10.04
Package: libvirt-bin (not installed)
ProcEnviron:
LANG=en_US.UTF-8
SHELL=/bin/bash
ProcVersionSignature: Ubuntu 2.6.32-16.25-server
SourcePackage: libvirt
Uname: Linux 2.6.32-16-server x86_64

Tags:

Revision history for this message

Scott Moser (smoser) wrote on 2010-03-22:

libvirt xml for define Edit (849 bytes, text/xml)

attaching the full xml that i used to define the domain

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2010-03-23:

Thank you for taking the time to report this bug and helping to make Ubuntu better. This particular bug has already been reported and is a duplicate of bug 470636, so it is being marked as such. Please look at the other bug report to see if there is any missing information that you can provide, or to see if there is a workaround for the bug. Additionally, any further discussion regarding the bug should occur in the other report. Feel free to continue to report any other bugs you may find.