I have Ubuntu server with qemu/kvm. I'm try to create snapshot (for further backup) using libvirt and get this error:
# virsh snapshot-create-as --domain 56 --name copy_snap --no-metadata --disk-only --atomic --diskspec vda,snapshot=external,file=/path/to/snapshot
error: internal error: cannot update AppArmor profile 'libvirt-429060e6-88af-4515-b028-e5c9493a926a'
In journal:
# journalctl -f
Dec 10 16:09:02 gamma libvirtd[23795]: internal error: Child process (/usr/lib/libvirt/virt-aa-helper -p 0 -r -u libvirt-429060e6-88af-4515-b028-e5c9493a926a -f /home/v.pastushenko/wiki.snap) unexpected exit status 1: virt-aa-helper: error: /var/lib/libvirt/qemu/channel/target/C7-Wiki.org.qemu.guest_agent.0
virt-aa-helper: error: skipped restricted file
virt-aa-helper: error: invalid VM definition
Dec 10 16:09:02 gamma libvirtd[23795]: internal error: cannot update AppArmor profile 'libvirt-429060e6-88af-4515-b028-e5c9493a926a'
Dec 10 16:09:02 gamma libvirtd[23795]: internal error: Child process (/usr/lib/libvirt/virt-aa-helper -p 0 -r -u libvirt-429060e6-88af-4515-b028-e5c9493a926a) unexpected exit status 1: virt-aa-helper: error: /var/lib/libvirt/qemu/channel/target/C7-Wiki.org.qemu.guest_agent.0
virt-aa-helper: error: skipped restricted file
virt-aa-helper: error: invalid VM definition
Dec 10 16:09:02 gamma libvirtd[23795]: internal error: cannot update AppArmor profile 'libvirt-429060e6-88af-4515-b028-e5c9493a926a'
In dmesg log i don't see any deny message from AppArmor.
Software versions:
# uname -a
Linux gamma 3.19.0-30-generic #34-Ubuntu SMP Fri Oct 2 22:08:41 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
# kvm --version
QEMU emulator version 2.2.0 (Debian 1:2.2+dfsg-5expubuntu9.6), Copyright (c) 2003-2008 Fabrice Bellard
# dpkg -l | grep libvirt-bin
ii libvirt-bin 1.2.12-0ubuntu14.2 amd64 programs for the libvirt library
I'm think I need to add some rule to AppArmor, which would allow libvirt update it's profiles. But I'm confused by the lack of an audit log in dmesg. Does anyone have any ideas how to fix that?