Package: libvirt-client
Version: 1.2.21-1
Severity: serious

Dear Maintainer,

Running “virsh attach-disk <domain> <source> <target>” with AppArmor enabled and the domain confined in enforce mode gives this error:

root@host:~# virsh attach-disk debian8 /var/lib/libvirt/images/disk_to_attach.img vdd
error: Failed to attach disk
error: internal error: unable to execute QEMU command 'device_add': Property 'virtio-blk-device.drive' can't find value 'drive-virtio-disk3'

From journal:

audit: type=1400 audit(1447406591.802:2015): apparmor="STATUS" operation="profile_replace" name="libvirt-73a13868-fbfd-4dce-bbf1-effde396bb12" pid=57268 comm="apparmor_parser"
audit: type=1400 audit(1447406591.862:2016): apparmor="STATUS" operation="profile_replace" name="qemu_bridge_helper" pid=57268 comm="apparmor_parser"
audit: type=1400 audit(1447406591.892:2017): apparmor="DENIED" operation="open" profile="libvirt-73a13868-fbfd-4dce-bbf1-effde396bb12" name="/var/lib/libvirt/images/to_attach.img" pid=56392 comm="kvm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
audit: type=1400 audit(1447406591.952:2018): apparmor="DENIED" operation="open" profile="libvirt-73a13868-fbfd-4dce-bbf1-effde396bb12" name="/var/lib/libvirt/images/to_attach.img" pid=56392 comm="kvm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
audit: type=1400 audit(1447406592.002:2019): apparmor="DENIED" operation="open" profile="libvirt-73a13868-fbfd-4dce-bbf1-effde396bb12" name="/var/lib/libvirt/images/to_attach.img" pid=56392 comm="kvm" requested_mask="rw" denied_mask="rw" fsuid=0 ouid=0
audit: type=1400 audit(1447406592.262:2020): apparmor="STATUS" operation="profile_replace" name="libvirt-73a13868-fbfd-4dce-bbf1-effde396bb12" pid=57270 comm="apparmor_parser"
audit: type=1400 audit(1447406592.342:2021): apparmor="STATUS" operation="profile_replace" name="qemu_bridge_helper" pid=57270 comm="apparmor_parser"

When putting the domain in complain/disabled mode, the error keeps showing up until the domain is destroyed/recreated or saved/restored.

This error appears with libvirt from Debian stable, Debian testing and from a compiled version of the source. Ubuntu 15.10 is not affected by this bug.

Steps to reproduce:
1- Make sure AppArmor is enabled and libvirtd is confined
2- Run a VM and check if its profile is put in enforce mode
3- Run the “virsh attach-disk <domain> <source> <target>”, where <domain> is the VM name.

Kind Regards,

Carlo

-- System Information:
Debian Release: 8.2
  APT prefers testing
  APT policy: (950, 'testing'), (895, 'stable'), (500, 'stable-updates')
Architecture: amd64 (x86_64)

Kernel: Linux 4.3.0-rc2-jessie1.1 (SMP w/40 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
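
A triage helper for journal excerpts like the one in this report, added here as an example and not part of the original report or of libvirt: it parses AppArmor audit records and groups the DENIED events by profile and path. The sample lines are constructed (modelled on the report's records, with placeholder timestamps and pids), and the image name "my disk.img" is hypothetical, included to show the hex-encoded form the audit subsystem uses for names containing spaces.

```python
import re
from collections import defaultdict

# key="quoted value" or key=bare_value, as found in kernel audit records
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
HEX = re.compile(r"(?:[0-9A-Fa-f]{2})+")

def parse_fields(line):
    """Return the key/value pairs of one audit line as a dict."""
    fields = {}
    for m in FIELD.finditer(line):
        key, quoted, bare = m.groups()
        if quoted is not None:
            fields[key] = quoted
        elif key == "name" and HEX.fullmatch(bare):
            # Names with spaces or control characters are logged unquoted, in hex.
            fields[key] = bytes.fromhex(bare).decode("utf-8", "replace")
        else:
            fields[key] = bare
    return fields

def summarize_denials(lines):
    """Group DENIED events by (profile, path): event count, denied masks, commands."""
    summary = defaultdict(lambda: {"count": 0, "mask": set(), "comm": set()})
    for line in lines:
        f = parse_fields(line)
        if f.get("apparmor") != "DENIED":
            continue  # skip STATUS records such as profile_replace
        entry = summary[(f.get("profile", "?"), f.get("name", "?"))]
        entry["count"] += 1
        entry["mask"].update(f.get("denied_mask", ""))
        entry["comm"].add(f.get("comm", "?"))
    return dict(summary)

# Constructed sample input (profile name and image path as they appear in the report).
PROFILE = "libvirt-73a13868-fbfd-4dce-bbf1-effde396bb12"
IMG = "/var/lib/libvirt/images/to_attach.img"
SPACED = "/var/lib/libvirt/images/my disk.img"  # hypothetical path with a space

def _denied(name_field, mask):
    return (f'audit: type=1400 audit(0.000:0): apparmor="DENIED" operation="open" '
            f'profile="{PROFILE}" name={name_field} pid=1 comm="kvm" '
            f'requested_mask="{mask}" denied_mask="{mask}" fsuid=0 ouid=0')

SAMPLE = [
    f'audit: type=1400 audit(0.000:0): apparmor="STATUS" operation="profile_replace" '
    f'name="{PROFILE}" pid=2 comm="apparmor_parser"',
    _denied(f'"{IMG}"', "r"), _denied(f'"{IMG}"', "r"), _denied(f'"{IMG}"', "rw"),
    _denied(SPACED.encode().hex().upper(), "r"),
]

if __name__ == "__main__":
    for (profile, path), e in summarize_denials(SAMPLE).items():
        print(profile, path, e["count"], "".join(sorted(e["mask"])), sorted(e["comm"]))
```

A denied path that matches the source given to attach-disk, under the domain's own libvirt-<uuid> profile, is the pattern this report describes.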
