I think this is actually causing a moderately serious regression with snapshots.
If you look at the contents of an apparmor define for an example VM the deny that silences the error here also prevents snapshot commits from working and because the error is hidden makes this extra difficult to debug. "/var/log/libvirt/**/OpenWRT.log" w, "/var/lib/libvirt/**/OpenWRT.monitor" rw, "/var/run/libvirt/**/OpenWRT.pid" rwk, "/run/libvirt/**/OpenWRT.pid" rwk, "/var/run/libvirt/**/*.tunnelmigrate.dest.OpenWRT" rw, "/run/libvirt/**/*.tunnelmigrate.dest.OpenWRT" rw, "/var/lib/libvirt/images/openwrt-x86-kvm_guest-combined-ext4-zfs-1.qcow2" rw, "/var/lib/libvirt/images/openwrt-x86-kvm_guest-combined-ext4.img" r, # don't audit writes to readonly files deny "/var/lib/libvirt/images/openwrt-x86-kvm_guest-combined-ext4.img" w, /dev/vhost-net rw, "/var/lib/libvirt/images/openwrt-x86-kvm_guest-combined-ext4.img" rw, The bug number for the snapshot bug is #453335 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/453335 Title: apparmor complains about write access to a readonly file To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/453335/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
