Launchpad has imported 2 comments from the remote bug at https://bugzilla.redhat.com/show_bug.cgi?id=1746684.
If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking. ------------------------------------------------------------------------ On 2019-08-29T06:22:52+00:00 lars.dunemark wrote: Created attachment 1609257 Domain file Description of problem: Creating a domain with multiple disks and trying to take an disk-only snapshot with external disk overlay fails with the error "Could not create file: Permission denied" Version-Release number of selected component (if applicable): Tested on 4.0.0, 5.0.0 and master (648c11c04cf1d45f37f4662ffb7952611ddb458c) How reproducible: Create a new domain for qemu with 2 disk connected. (dumpxml of my domain as attachemnt) Steps to Reproduce: 1. snapshot-create-as --domain ubuntu18.04 --disk-only --atomic --diskspec vda,file=/var/lib/libvirt/images/ubuntu18.04-overlay.qcow2,snapshot=external --diskspec vdb,file=/var/lib/libvirt/images/ubuntu18.04-1-overlay.qcow2,snapshot=external Actual results: error: internal error: unable to execute QEMU command 'transaction': Could not create file: Permission denied Expected results: Domain snapshot 1567058757 created Additional info: When manually adding the path to vda overlay file in /etc/apparmor.d/libvirt/libvirt-a955728a-ac8f-4fcb-8bea-3e12fca826a7 as: "/var/lib/libvirt/images/ubuntu18.04-overlay.qcow2" rwk, It works to take snapshot for both disk. So it looks like the apparmor is only updated with the last disk Reply at: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1845506/comments/0 ------------------------------------------------------------------------ On 2019-10-15T14:34:39+00:00 paelzer wrote: FYI - I was debugging this in the context of Ubuntu bug https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1845506 I think I found the root cause (see recent updates there) The summary for now is: - one of the labeling calls does not use append=true - thereby the apparmor rules get re-rendered from XML throwing away former appended paths - the snapshot case here represents two calls and the second throws away the content of the former one If from here all goes well will submit patches some-when this week. Reply at: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1845506/comments/16 ** Changed in: libvirt Status: Unknown => Confirmed ** Changed in: libvirt Importance: Unknown => Undecided -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1845506 Title: Libvirt snapshot doesn't update apparmor profile To manage notifications about this bug go to: https://bugs.launchpad.net/libvirt/+bug/1845506/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
