Extending your already good testcase description:

# create a simple guest
 $ sudo apt-get install uvtool-libvirt zfsutils-linux
 $ uvt-simplestreams-libvirt --verbose sync --source http://cloud-images.ubuntu.com/daily arch=amd64 label=daily release=xenial
 $ ssh-keygen
 $ uvt-kvm create --password=ubuntu testguest release=xenial arch=amd64 label=daily
# create a zpool to use
 $ for i in $(seq 1 3); do dd if=/dev/zero of=/tmp/fdisk${i} bs=1M count=1024; done
 $ sudo zpool create internal /tmp/fdisk*
# make pool in libvirt and guest disk foo
 $ virsh pool-define-as internal zfs
 $ virsh pool-start internal
 $ virsh vol-create-as internal foo 2G
# link up zpool, by adding this to the guest
    <disk type='volume' device='disk'>
      <driver name='qemu' type='raw' cache='none'/>
      <source pool='internal' volume='foo'/>
      <target dev='vdc' bus='virtio'/>
    </disk>
# start the guest
 $ virsh start testguest

All run into:
Could not open '/dev/zvol/internal/foo': Permission denied

And I can see the reported Deny:
apparmor="DENIED" operation="open" [...] name="/dev/zd0" [...]

That said, setting to confirmed for now.
Also, I checked that this applies to all of releases X-Z.

Need to dive into aa-helper how close or far that is as of today to get
this done.

** Changed in: libvirt (Ubuntu)
       Status: New => Confirmed

** Also affects: libvirt (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Also affects: libvirt (Ubuntu Zesty)
   Importance: Undecided
       Status: Confirmed

** Also affects: libvirt (Ubuntu Yakkety)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1677398

Title:
  Apparmor prevents using ZFS storage pools

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1677398/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
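
The denial above names /dev/zd0 while the guest XML and the QEMU error name /dev/zvol/internal/foo, because ZFS exposes each volume as a /dev/zvol/<pool>/<volume> symlink to a /dev/zdN node. Added example, not part of the original bug comment: a shell helper that pairs each denied node in an audit log with the zvol symlink pointing at it. The sample log lines, the `SYSROOT` variable and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): explain AppArmor denials on ZFS volumes.
# SYSROOT is a hypothetical prefix so the logic can be exercised on a fake /dev tree.

# Constructed sample records, shaped like the denial quoted in the report.
sample_log() {
    cat <<'EOF'
audit: type=1400 apparmor="DENIED" operation="open" profile="libvirt-EXAMPLE" name="/dev/zd0" pid=1 comm="qemu-system-x86" requested_mask="r" denied_mask="r"
audit: type=1400 apparmor="ALLOWED" operation="open" profile="other" name="/dev/zd16" pid=2 comm="x" requested_mask="r"
EOF
}

# Print "<operation> <path>" for every DENIED record read from stdin.
denied_paths() {
    sed -n 's/.*apparmor="DENIED".*operation="\([^"]*\)".* name="\([^"]*\)".*/\1 \2/p'
}

# Print each /dev/zvol symlink that resolves to device node $1.
zvol_links_for() {
    root=${SYSROOT:-}
    want=$(readlink -f "$root$1") || return 0
    find "$root/dev/zvol" -type l 2>/dev/null | while read -r link; do
        if [ "$(readlink -f "$link")" = "$want" ]; then
            echo "${link#"$root"}"
        fi
    done
}

# Read audit records on stdin; pair each denied node with the path libvirt was given.
explain_denials() {
    denied_paths | sort -u | while read -r op name; do
        links=$(zvol_links_for "$name")
        if [ -n "$links" ]; then
            for l in $links; do echo "$op $name <- $l"; done
        else
            echo "$op $name <- (no zvol symlink found)"
        fi
    done
}

# Stand-alone run: use the constructed sample unless a readable log file is given.
if [ -r "${1:-}" ]; then explain_denials < "$1"; else sample_log | explain_denials; fi
```

A line such as `open /dev/zd0 <- /dev/zvol/internal/foo` shows that the generated profile would need to cover the resolved node, not only the symlink path from the domain XML.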
