As it turns out, this is actually a user error.
When creating the level2.img and level3.img, you must specify the
backing store type, because libvirt won't automatically detect those for
safety reasons. So you should do:
qemu-img create -f qcow2 -o backing_fmt=qcow2 -b level1.img level2.img
This is probably a bug in virDomainDiskDefForeachPath(), as used by
get_files() in virt-aa-helper.c and SELinuxSetSecurityImageLabel() in
security_selinux.c. virDomainDiskDefForeachPath() is used to enumerate
the disk images to add to the dynamic policy for the security drivers.
--
A workaround is to add the missing path to
/etc/apparmor.d/libvirt/libvirt-uuid for the VM in question (but not
the dynamically generated /etc/apparmor.d/libvirt/libvirt-uuid.files).
Obviously this has to be done manually on a per-machine basis.
--
Thank you for taking the time to file this report and helping to make
Ubuntu better.
The information in the description shows that level3.img is owned by
root:root, and that the reason for not being able to use level3.img was
due to permission being denied. Could you chown libvirt-qemu:kvm
Sorry, I'd missed the very start of your description. I see that's what
you're actually reporting.
I think this is a valid bug with the dac security driver.
** Changed in: libvirt (Ubuntu)
Status: Incomplete => Confirmed
--
Looking at the libvirt source code, the chowning of the files to
root:root rather than your own credentials is not a bug, but a
not-yet-implemented feature (marked by the comment '/* XXX record
previous ownership */').
Nevertheless, I assume (hope) that level1.img and level2.img do not get
A-ha! It's not the dac driver. It's the apparmor driver. 'grep
apparmor /var/log/syslog | tail' gives me a bunch of:
Jan 3 19:04:06 localhost kernel: [11904.438804] type=1400
audit(1294103046.071:33): apparmor=DENIED operation=open parent=1
profile=libvirt-e58d045d-d4ed-39eb-09d2-c884173ff64c
** Attachment added: VM XML
https://bugs.launchpad.net/bugs/696318/+attachment/1781315/+files/vm.xml
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in ubuntu.
https://bugs.launchpad.net/bugs/696318
Title:
Starting VMs
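
Added example, not part of the original thread or of libvirt's code: the first message says the backing store type must be given explicitly (-o backing_fmt=qcow2) because libvirt will not detect it. This Python code reads a qcow2 header and reports whether the backing-format header extension is recorded; backing_info and build_header are hypothetical names, and the sample headers are constructed in the code rather than taken from the reporter's images.

```python
import struct

QCOW2_MAGIC = b"QFI\xfb"
EXT_END = 0x00000000
EXT_BACKING_FORMAT = 0xE2792ACA  # qcow2 header extension: backing file format name


def backing_info(image: bytes):
    """Return (backing_file, backing_format) from the start of a qcow2 image.

    Either element is None when the header does not record it.
    """
    if image[:4] != QCOW2_MAGIC:
        raise ValueError("not a qcow2 image")
    version, bf_offset, bf_size = struct.unpack_from(">IQI", image, 4)
    backing_file = None
    if bf_offset:
        backing_file = image[bf_offset:bf_offset + bf_size].decode()
    # Version 2 headers are 72 bytes; version 3 stores the length at offset 100.
    pos = 72 if version == 2 else struct.unpack_from(">I", image, 100)[0]
    backing_format = None
    while pos + 8 <= len(image):
        ext_type, ext_len = struct.unpack_from(">II", image, pos)
        if ext_type == EXT_END:
            break
        if ext_type == EXT_BACKING_FORMAT:
            backing_format = image[pos + 8:pos + 8 + ext_len].decode()
        pos += 8 + ((ext_len + 7) & ~7)  # extension data is padded to 8 bytes
    return backing_file, backing_format


def build_header(backing_file: bytes, backing_format: bytes = b"") -> bytes:
    """Constructed sample: a minimal version 2 header, for demonstration only."""
    exts = b""
    if backing_format:
        padded = backing_format.ljust((len(backing_format) + 7) & ~7, b"\0")
        exts += struct.pack(">II", EXT_BACKING_FORMAT, len(backing_format)) + padded
    exts += struct.pack(">II", EXT_END, 0)
    bf_offset = 72 + len(exts)
    header = QCOW2_MAGIC + struct.pack(">IQI", 2, bf_offset, len(backing_file))
    return header.ljust(72, b"\0") + exts + backing_file


if __name__ == "__main__":
    # Constructed headers: one created without backing_fmt, one with it.
    for label, fmt in (("without backing_fmt", b""), ("with backing_fmt", b"qcow2")):
        print(label, backing_info(build_header(b"level1.img", fmt)))
```

To check a real image, pass the first cluster of the file (for example the first 64 KiB read in binary mode) to backing_info; a backing file with a format of None is the case the first message describes.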