Extending your already good testcase description: # create a simple guest $ sudo apt-get install uvtool-libvirt zfsutils-linux $ uvt-simplestreams-libvirt --verbose sync --source http://cloud-images.ubuntu.com/daily arch=amd64 label=daily release=xenial $ ssh-keygen $ uvt-kvm create --password=ubuntu testguest release=xenial arch=amd64 label=daily # create a zpool to use $ for i in $(seq 1 3); do dd if=/dev/zero of=/tmp/fdisk${i} bs=1M count=1024; done $ sudo zpool create internal /tmp/fdisk* # make pool in libvirt and guest disk foo $ virsh pool-define-as internal zfs $ virsh pool-start internal $ virsh vol-create-as internal foo 2G # link up zpool, by adding this to the guest <disk type='volume' device='disk'> <driver name='qemu' type='raw' cache='none'/> <source pool='internal' volume='foo'/> <target dev='vdc' bus='virtio'/> </disk> # start the guest $ virsh start testguest
All run into: Could not open '/dev/zvol/internal/foo': Permission denied And I can see the reported Deny: apparmor="DENIED" operation="open" [...] name="/dev/zd0" [...] That said setting to confirmed for now. Also I checked this applies to all of releases X-Z. Need to dive into aa-helper how close or far that is as of today to get this done. ** Changed in: libvirt (Ubuntu) Status: New => Confirmed ** Also affects: libvirt (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: libvirt (Ubuntu Zesty) Importance: Undecided Status: Confirmed ** Also affects: libvirt (Ubuntu Yakkety) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1677398 Title: Apparmor prevents using ZFS storage pools To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1677398/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs