Hi,
Several months ago, I ran into issue #135, which says that QEMU under
AppArmor can't access LVM volume disks. I have been studying the code
and the invocation of virt-aa-helper. I'm using 11.3.0 and 10.0.0 --
I'm working to compile and run a development version, but have my
progress to share in the meantime.
So far, I'm finding that if I create a volume-based disk XML entry in
my domain definition:
  <disk type='volume' device='disk'>
    <driver name='qemu' type='qcow2'/>
    <source pool='default' volume='cirros.img'/>
    <target dev='sda' bus='scsi'/>
    <address type='drive' controller='0' bus='0' target='0' unit='0'/>
  </disk>
with this, there is *no* XML (at all) on standard input in the
virt-aa-helper command, whereas when using effectively the same
definition, resolving the file manually, like this:
  <disk type='file' device='disk'>
    <driver name='qemu' type='qcow2'/>
    <source file='/var/lib/libvirt/images/cirros.img'/>
    <target dev='sda' bus='scsi'/>
    <address type='drive' controller='0' bus='0' target='0' unit='0'/>
  </disk>
I get full XML on standard input for virt-aa-helper, with this being
the snippet for the disk definition:
  <disk type='file' device='disk'>
    <driver name='qemu' type='qcow2'/>
    <source file='/var/lib/libvirt/images/cirros.img' index='1'/>
    <backingStore/>
    <target dev='sda' bus='scsi'/>
    <alias name='scsi0-0-0-0'/>
    <address type='drive' controller='0' bus='0' target='0' unit='0'/>
  </disk>
I'm not asking for a fix, but would like to know if anybody has any
"Ah hah!" moments about this - and if not, if there are some hints on
how to test this, hopefully without needing to restart a VM
over and over.
Thanks in advance for any hints you may be able to provide!
--
Bye,
Erik.
http://efficito.com -- Hosted accounting and ERP.
Robust and Flexible. No vendor lock-in.