In the /etc/apparmor.d/local/usr.sbin.libvirtd file I just created one
rule to give libvirtd read'n'write access to the images in my storage
pool with the following line:

            "/var/lib/libvirt/images/*.img" rw,

As a preliminary: I have created my own naming convention for my overlays;
these are used for incremental backups to another server. This
convention can be found in my abstraction and has to be adjusted to
your own needs.

First of all I've created my own abstraction as
/etc/apparmor.d/local/abstraction-libvirt-storage. This file gives the
clients access to the important images like this:

        "/var/lib/libvirt/images/*.base.img"            rw,
        "/var/lib/libvirt/images/*.stable_overlay.img"  rw,
        "/var/lib/libvirt/images/*.running.img"         rw,

The /etc/apparmor.d/libvirt/TEMPLATE file is a source for all rule files
in /etc/apparmor.d/libvirt/. There you need to source the
abstraction-libvirt-storage file, so the TEMPLATE looks similar to this
one (adjust to your own needs):

profile LIBVIRT_TEMPLATE {
  #include <abstractions/libvirt-qemu>
  # local abstraction created above (/etc/apparmor.d/local/abstraction-libvirt-storage)
  #include <local/abstraction-libvirt-storage>
}

It is also possible to put the contents of the abstraction-libvirt-storage
file directly into the TEMPLATE, but a change to some of the rules would
then require editing multiple files (/etc/apparmor.d/libvirt/*).

I hope this will help. These adjustments should be fine for the safety
requirement, because the host should still be secured against guests, and
that's the only thing you can do with libvirt+apparmor.

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to qemu-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/1004606

Title:
  virsh create-snapshot fails to create external snapshot (blockdev-
  snapshot-sync fails in json monitor)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1004606/+subscriptions
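The following is an added example, not code from the poster or from libvirt/AppArmor. It models AppArmor path globbing (a simplified model that is an assumption of this example: `*` does not cross `/`, `**` does, `?` matches one non-`/` character; brace alternation is not handled) and evaluates the storage-abstraction rules quoted in the message against constructed image paths. Two things it makes visible: a single `*` never reaches images in a subdirectory of the pool, and because every generated `libvirt-<UUID>` profile is built from TEMPLATE, a pool-wide `rw` rule placed there grants each guest's qemu write access to every other guest's image as well, which is worth knowing before relying on the host-versus-guest boundary alone.

```python
import re

# Simplified model of AppArmor globbing (assumption of this example, not
# AppArmor's own parser): '*' matches within one path component, '**' crosses
# '/' boundaries, '?' matches a single non-'/' character.
def apparmor_glob_to_regex(pattern: str) -> "re.Pattern[str]":
    out = []
    i = 0
    while i < len(pattern):
        c = pattern[i]
        if c == "*":
            if i + 1 < len(pattern) and pattern[i + 1] == "*":
                out.append(".*")
                i += 2
                continue
            out.append("[^/]*")
        elif c == "?":
            out.append("[^/]")
        else:
            out.append(re.escape(c))
        i += 1
    return re.compile("^" + "".join(out) + "$")


# One file rule per line: optional quotes around the path, permission letters,
# trailing comma. Comments and blank lines are skipped.
RULE_RE = re.compile(r'^\s*"?([^"\s]+)"?\s+([a-z]+)\s*,\s*$')


def parse_rules(text: str):
    """Return [(glob, compiled_regex, {perm letters}), ...]."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised rule: {line!r}")
        path, perms = m.groups()
        rules.append((path, apparmor_glob_to_regex(path), set(perms)))
    return rules


def permissions_for(rules, path: str) -> set:
    """AppArmor accumulates permissions from every rule matching the path."""
    perms = set()
    for _, rx, p in rules:
        if rx.match(path):
            perms |= p
    return perms


def writable_images(rules, candidates) -> list:
    """Paths among `candidates` that the rule set allows to be written."""
    return sorted(p for p in candidates if "w" in permissions_for(rules, p))


# Constructed copy of the abstraction rules quoted in the message.
STORAGE_ABSTRACTION = '''
  "/var/lib/libvirt/images/*.base.img"            rw,
  "/var/lib/libvirt/images/*.stable_overlay.img"  rw,
  "/var/lib/libvirt/images/*.running.img"         rw,
'''

# Constructed sample paths: two guests' images, one image in a subdirectory,
# and one that does not follow the naming convention.
SAMPLE_PATHS = [
    "/var/lib/libvirt/images/vm1.base.img",
    "/var/lib/libvirt/images/vm1.running.img",
    "/var/lib/libvirt/images/vm2.base.img",
    "/var/lib/libvirt/images/backup/vm1.base.img",
    "/var/lib/libvirt/images/vm1.qcow2",
]


def main() -> None:
    rules = parse_rules(STORAGE_ABSTRACTION)
    for path in SAMPLE_PATHS:
        perms = "".join(sorted(permissions_for(rules, path))) or "-"
        print(f"{path:50s} {perms}")
    print("writable from any guest profile built from TEMPLATE:")
    for path in writable_images(rules, SAMPLE_PATHS):
        print("  ", path)


if __name__ == "__main__":
    main()
```

Run it as a script to see the permission each constructed path receives; the `backup/` path and the `.qcow2` path get nothing, while `vm2.base.img` is writable from a profile meant for vm1. If per-guest isolation matters, keep pool-wide rules out of TEMPLATE and let the per-VM `libvirt-<UUID>.files` carry only that guest's own disks.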
