kvm snapshot-create-as failed

Question

I have Ubuntu server with qemu/kvm. I'm try to create snapshot (for further backup) using libvirt and get this error:

# virsh snapshot-create-as --domain 56 --name copy_snap --no-metadata --disk-only --atomic --diskspec vda,snapshot=external,file=/path/to/snapshot
error: internal error: cannot update AppArmor profile 'libvirt-429060e6-88af-4515-b028-e5c9493a926a'

In journal:

# journalctl  -f
Dec 10 16:09:02 gamma libvirtd[23795]: internal error: Child process (/usr/lib/libvirt/virt-aa-helper -p 0 -r -u libvirt-429060e6-88af-4515-b028-e5c9493a926a -f /home/v.pastushenko/wiki.snap) unexpected exit status 1: virt-aa-helper: error: /var/lib/libvirt/qemu/channel/target/C7-Wiki.org.qemu.guest_agent.0
                                       virt-aa-helper: error: skipped restricted file
                                       virt-aa-helper: error: invalid VM definition
Dec 10 16:09:02 gamma libvirtd[23795]: internal error: cannot update AppArmor profile 'libvirt-429060e6-88af-4515-b028-e5c9493a926a'
Dec 10 16:09:02 gamma libvirtd[23795]: internal error: Child process (/usr/lib/libvirt/virt-aa-helper -p 0 -r -u libvirt-429060e6-88af-4515-b028-e5c9493a926a) unexpected exit status 1: virt-aa-helper: error: /var/lib/libvirt/qemu/channel/target/C7-Wiki.org.qemu.guest_agent.0
                                       virt-aa-helper: error: skipped restricted file
                                       virt-aa-helper: error: invalid VM definition
Dec 10 16:09:02 gamma libvirtd[23795]: internal error: cannot update AppArmor profile 'libvirt-429060e6-88af-4515-b028-e5c9493a926a'

In dmesg log i don't see any deny message from AppArmor.

Software versions:

# uname -a
Linux gamma 3.19.0-30-generic #34-Ubuntu SMP Fri Oct 2 22:08:41 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
# kvm --version
QEMU emulator version 2.2.0 (Debian 1:2.2+dfsg-5expubuntu9.6), Copyright (c) 2003-2008 Fabrice Bellard
# dpkg -l | grep libvirt-bin
ii  libvirt-bin                          1.2.12-0ubuntu14.2                  amd64        programs for the libvirt library

I'm think I need to add some rule to AppArmor, which would allow libvirt update it's profiles. But I'm confused by the lack of an audit log in dmesg. Does anyone have any ideas how to fix that?

Radical solution. Deinstalling AppArrmor fixes this problem. — ComBin, Dec 30 '15 at 09:13

score 1 · Answer 1 · answered Dec 14 '15 at 21:01

1

Looks like your libvirt version is outdated or installed incorrectly: latest versions have app armor config scripts in their distribution. Please check if you have files in /etc/apparmor.d/libvirt/

answered Dec 14 '15 at 21:01

nredko

11
1

Yes, i have files in this dir: `$ ls -l /etc/apparmor.d/libvirt/ total 144 -rw-r--r-- 1 root root 632 May 13 2015 TEMPLATE.lxc -rw-r--r-- 1 root root 164 May 13 2015 TEMPLATE.qemu -rw-r--r-- 1 root root 265 Jul 17 13:11 libvirt-17636630-a588-4e27-8f03-4975f484328f -rw-r--r-- 1 root root 495 Oct 9 12:07 libvirt-17636630-a588-4e27-8f03-4975f484328f.files ...` – ComBin Dec 15 '15 at 08:22

kvm snapshot-create-as failed

1 Answers1