[Bug 544435] [NEW] apparmor errors when using qcow2 image with backing_file

[Scott Moser]

Public bug reported:

I am trying to start a libvirt domain using xml containing :
        <disk type='file'>
            <source file='/home/ubuntu/test2-image/disk'/>
            <target dev='sda'/>
        </disk>

I'm launching image with:
$ virsh --connect qemu:///system start test1

Where 'disk' was created with:
$ qemu-img create -f qcow2 -o backing_file=disk.dist disk

$ qemu-img info disk
image: disk
file format: qcow2
virtual size: 3.0G (3273654272 bytes)
disk size: 140K
cluster_size: 65536
backing file: disk.dist (actual path: disk.dist)

it seems that the apparmor profile that is generated for the domain is not allowing access to disk.dist .
I see errors like the following in kern.log:
Mar 22 14:33:26 kearney kernel: [603157.344449] type=1503 audit(1269286406.316:70):  operation="open" pid=14067 parent=1 profile="libvirt-b66591be-dfd5-3240-fee6-a26ca1247d8b" requested_mask="::r" denied_mask="::r" fsuid=0 ouid=1000 name="/home/ubuntu/test2-image/disk.dist"

This issue can be workd around by either:
a.) do not use qemu-img backing store images
b.) run virsh with sudo and have both disk and disk.img with root:root ownership.

ProblemType: Bug
Architecture: amd64
Date: Mon Mar 22 14:26:04 2010
DistroRelease: Ubuntu 10.04
Package: libvirt-bin (not installed)
ProcEnviron:
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcVersionSignature: Ubuntu 2.6.32-16.25-server
SourcePackage: libvirt
Uname: Linux 2.6.32-16-server x86_64

** Affects: libvirt (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug lucid

-- 
apparmor errors when using qcow2 image with backing_file
https://bugs.launchpad.net/bugs/544435
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in ubuntu.