I think this is actually causing a moderately serious regression with snapshots.
If you look at the contents of an apparmor define for an example VM the deny that silences the error here also prevents snapshot commits from working and because the error is hidden makes this extra difficult to debug. "/var/log/libvirt/**/OpenWRT.log" w, "/var/lib/libvirt/**/OpenWRT.monitor" rw, "/var/run/libvirt/**/OpenWRT.pid" rwk, "/run/libvirt/**/OpenWRT.pid" rwk, "/var/run/libvirt/**/*.tunnelmigrate.dest.OpenWRT" rw, "/run/libvirt/**/*.tunnelmigrate.dest.OpenWRT" rw, "/var/lib/libvirt/images/openwrt-x86-kvm_guest-combined-ext4-zfs-1.qcow2" rw, "/var/lib/libvirt/images/openwrt-x86-kvm_guest-combined-ext4.img" r, # don't audit writes to readonly files deny "/var/lib/libvirt/images/openwrt-x86-kvm_guest-combined-ext4.img" w, /dev/vhost-net rw, "/var/lib/libvirt/images/openwrt-x86-kvm_guest-combined-ext4.img" rw, The bug number for the snapshot bug is #453335 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/453335 Title: apparmor complains about write access to a readonly file Status in libvirt package in Ubuntu: Fix Released Status in linux package in Ubuntu: Fix Released Status in libvirt source package in Lucid: Fix Released Status in linux source package in Lucid: Fix Released Status in libvirt source package in Karmic: Fix Released Status in linux source package in Karmic: Fix Released Bug description: When doing libvirt/apparmor ISO testing, I noticed that if I try to create a VM via an ISO image, I get the following apparmor denied message: type=APPARMOR_DENIED msg=audit(1255714703.311:56): operation="open" pid=31330 parent=1 profile="libvirt-7e7f916e-ff5a-c997-e9f6-c379793fd5be" requested_mask="::rw" denied_mask="::w" fsuid=0 ouid=1000 name="/home/jamie/vms/isos/karmic/karmic-desktop-i386.iso" What is happening is that libvirt is for some reason trying to write to this file, but it shouldn't. virt-manager shows this device as readonly and the XML for the VM shows it too: <disk type='file' device='cdrom'> <source file='/home/jamie/vms/isos/karmic/karmic-desktop-i386.iso'/> <target dev='hdc' bus='ide'/> <readonly/> </disk> The installation proceeds just fine and this isn't a regression, but libvirt should not try to write to installation media like this. I encountered this when installing via virt-manager using the following: local ISO, os type: generic/generic, kvm/i686, 512, 1 vcpu, 8GB disk, don't allocate now ProblemType: Bug Architecture: amd64 Date: Fri Oct 16 12:47:32 2009 DistroRelease: Ubuntu 9.10 Package: libvirt-bin 0.7.0-1ubuntu11 ProcEnviron: PATH=(custom, user) LANG=en_US.UTF-8 SHELL=/bin/bash ProcVersionSignature: Ubuntu 2.6.31-14.47-generic SourcePackage: libvirt Uname: Linux 2.6.31-14-generic x86_64 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/453335/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
