AppArmor security driver does not support backingstore
Bug #470636 reported by
Olivier d.
This bug affects 5 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libvirt (Ubuntu) |
Fix Released
|
Medium
|
Jamie Strandboge | ||
Karmic |
Won't Fix
|
Medium
|
Unassigned | ||
Lucid |
Fix Released
|
Medium
|
Jamie Strandboge |
Bug Description
Binary package hint: libvirt-bin
System : Ubuntu 9.10 (x86_64)
Version of libvirt-bin : 0.7.0-1ubuntu13
When virt-aa-helper add a profile on apparmor, it does not check if the QEMU disk image is based on a read-only image.
This command create a copy-on-write image system.img based on readonly.img :
$ kvm-img create -b readonly.img -f qcow2 system.img
virt-aa-helper should allows read access on readonly.img, and also check that readonly.img is not a COW image. But it only add an access to system.img :
$ grep img /etc/apparmor.
"/home/
$
description: | updated |
tags: | added: apparmor |
Changed in libvirt (Ubuntu Lucid): | |
status: | Triaged → In Progress |
To post a comment you must log in.
Thank you for using Ubuntu and taking the time to report a bug. For now, you must add the readonly file to /etc/apparmor. d/libvirt/ libvirt- <uuid> (don't add it to the dynamically generated libvirt- <uuid>. files file). After that you can shutdown the virtual machine and after that it will work as expected.
I am going to mark this wishlist for now. While this is a bug, libvirt does not support snapshotting by using cow files. This will be fixed when the upstream sVirt plugin framework supports snapshotting via cow files.