Tried to recreate this while waiting on input:
# Get ZFS Device
$ sudo zpool create zfsmirrortest mirror /dev/sda1 /dev/sdb1
$ sudo zfs create -V 10G zfsmirrortest/vol1
# That gives me:
/dev/zvol/zfsmirrortest/vol1 -> ../../zd0
# Get LVM Device
$ sudo pvcreate /dev/sda2
$ sudo pvcreate /dev/sdb2
$ sudo vgcreate testlvm /dev/sda2 /dev/sdb2
$ sudo lvcreate -n testvol1 -L 5g testlvm
# That gives me
/dev/mapper/testlvm-testvol1 -> ../dm-0
We knoow that pools are broken with apparmor (which made me think this is a
dup to a known feature request bug at first), but lets use these devices as
direct block devices.
That means:
<disk type='block' device='disk'>
<driver name='qemu' type='raw'/>
<source dev='/dev/zvol/zfsmirrortest/vol1'/>
<target dev='vdc' bus='virtio'/>
</disk>
<disk type='block' device='disk'>
<driver name='qemu' type='raw'/>
<source dev='/dev/mapper/testlvm-testvol1'/>
<target dev='vdd' bus='virtio'/>
</disk>
I see for ZFS:
Output: Could not open '/dev/zvol/zfsmirrortest/vol1': Permission denied
Dmesg: apparmor="DENIED" ... name="/dev/zd0"
I see for LVM:
Could not open '/dev/mapper/testlvm-testvol1': Permission denied
Dmesg: apparmor="DENIED" ... name="/dev/dm-0"
For both I get unresolved rules with the latest libvirt:
$ /usr/lib/libvirt/virt-aa-helper -u
libvirt-62298b25-ae68-408a-87be-835677d46c89 -r --dryrun < /tmp/test.xml
[...]
"/dev/zvol/zfsmirrortest/vol1" rwk,
"/dev/mapper/testlvm-testvol1" rwk,
Well I know why this breaks, this is just what the mentioned change should
avoid.
Mabye there is an interaction how zfs/lvm are added and the fix that inverts it
for those?
Further you don't need to fully install test versions for this.
I picked a .deb of an older build extracted with dpkg -x and then ran directly
against this virt-aa-helper.
I got the expected:
"/dev/zd0" rwk,
"/dev/dm-0" rwk,
On the good side, I can recreate the issue and go on my own.
Never the less for completeness the data as asked comment #10 can still
help to find if you really face "the same".
** Changed in: libvirt (Ubuntu)
Status: Incomplete => Triaged
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1756394
Title:
Upgrading libvirt from 4.0.0-1ubuntu4 to 4.0.0-1ubuntu5 introduced a
permission denied on device error
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1756394/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
