Bug 1288558

Summary: libvirt error when trying to 'hot' attach-disk on guest with “Channel qemu-ga”
Product: [Community] Virtualization Tools Reporter: Maxim <fatherice>
Component: libvirtAssignee: Libvirt Maintainers <libvirt-maint>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: unspecifiedCC: antoniok.spb, crobinso, rbalakri
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-04-10 22:47:59 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Maxim 2015-12-04 15:04:26 UTC 
Description of problem:

I have KVM virtual machine running CentOS 7 as guest OS. I'm trying to attach an additional disk to it on the run (without shutting it down) using this command:

$ sudo virsh attach-disk centos --source /var/lib/libvirt/images/newdisk.img --target sdb --persistent

But receive an error:
error: Failed to attach disk
error: internal error: cannot update AppArmor profile 'libvirt-d2e7bbb8-c7b3-44ec-b0ea-27539e0df732'

If I do the same with Debian guest - everything is ok.

I compared two VM's xml and saw that CentOS have QEMU-agent in his configuration:

<channel type="unix">
<source mode="bind" path="/var/lib/libvirt/qemu/channel/target/centos_auto.org.qemu.guest_agent.0"></source>
<target name="org.qemu.guest_agent.0" type="virtio"></target>
<address bus="0" controller="0" port="1" type="virtio-serial"></address>
</channel>

Then I removed "channel qemu-ga", restarted VM and checked "hot add" feature. It worked.

I tested it on other VMs (CentOS, Fedora, Debian) and saw the same. 

Version-Release number of selected component (if applicable):

Host-OS: Ubuntu 15.10
Libvirtd: 1.2.16
QEMU: 2.3 and 2.4.1
VMM:1.3.0

As a result:

1. If enable qemu-agent (Channel qemu-ga) i cannot use hot plug.
2. If use "hot plug" i must forget about agent.

Is it my mistake in configuration or these features can't work together?
Comment 1 Maxim 2015-12-11 08:34:08 UTC 
**UPDATE**

Forgot to write: This problem occurs only on the host where AppArmor installed.
Comment 2 Cole Robinson 2016-04-10 22:47:59 UTC 
I think it was fixed by this:

commit 03d7462d87011c3db2ae82ae14d56d2979d92f0c
Author: Serge Hallyn <serge.hallyn>
Date:   Fri Apr 10 20:21:03 2015 +0000

    virt-aa-helper: add unix channels (esp for qemu-guest-agent)