Bug 1361592
Summary: | image backing file cannot be accessed when adding device to running domain due to incomplete apparmor profile | ||
---|---|---|---|
Product: | [Community] Virtualization Tools | Reporter: | silvan |
Component: | libvirt | Assignee: | Libvirt Maintainers <libvirt-maint> |
Status: | NEW --- | QA Contact: | |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | unspecified | CC: | libvirt-maint, povilas, sombrafam |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | Type: | Bug | |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
silvan
2016-07-29 13:10:59 UTC
The second log excerpt is cut a bit short. The following lines should be added at the top of the second log excerpt (they contain the actual virt-aa-helper call): 2016-07-29 12:53:51.297+0000: 6958: debug : qemuSetupDiskPathAllow:60 : Process path /mnt/quobyte-volume/abfa1002557ab2b21ec218a86487dd92/volume-48535ec1-31be-422a-8285-da24fbf5cc44 for disk 2016-07-29 12:53:51.297+0000: 6958: debug : virCommandRunAsync:2282 : About to run /usr/lib/libvirt/virt-aa-helper -p 0 -r -u libvirt-692a3a05-4a42-4167-bec6-8876e99e3b8b -f /mnt/quobyte-volume/abfa1002557ab2b21 ec218a86487dd92/volume-48535ec1-31be-422a-8285-da24fbf5cc44 2016-07-29 12:53:51.298+0000: 6958: debug : virCommandRunAsync:2285 : Command result 0, with PID 17651 2016-07-29 12:53:51.645+0000: 6958: debug : virCommandRun:2142 : Result status 0, stdout: '' stderr: '' 2016-07-29 12:53:51.645+0000: 6958: debug : qemuDomainPCIAddressGetNextSlot:2270 : PCI slot 0000:00:01 already in use 2016-07-29 12:53:51.645+0000: 6958: debug : qemuDomainPCIAddressGetNextSlot:2270 : PCI slot 0000:00:02 already in use 2016-07-29 12:53:51.645+0000: 6958: debug : qemuDomainPCIAddressGetNextSlot:2270 : PCI slot 0000:00:03 already in use 2016-07-29 12:53:51.645+0000: 6958: debug : qemuDomainPCIAddressGetNextSlot:2270 : PCI slot 0000:00:04 already in use 2016-07-29 12:53:51.645+0000: 6958: debug : qemuDomainPCIAddressGetNextSlot:2313 : Found free PCI slot 0000:00:05 2016-07-29 12:53:51.645+0000: 6958: debug : qemuDomainPCIAddressReserveAddr:2114 : Reserving PCI slot 0000:00:05.0 (multifunction='off') More info in this libvirt-users' thread. https://www.redhat.com/archives/libvirt-users/2016-August/msg00048.html I believe this bug is partially fixed as of libvirt v4.0.0. I see the path to the backing image in the apparmor profile. Unfortunately, this only works for single level of backing images. If the backing image itself has a backing image then the latter is not included into the apparmor profile. I did some debugging of the virt-aa-helper, will post the analysis shortly. |