Hello Frank,
I'm currently investigating some apparmor-related bug with namespaces. This one is surely related. I'll look into it when I'm done with the one I'm working on.
--
Cedric
On Thu, 2017-03-23 at 12:07 +0000, Frank Schreuder wrote:
Hello,
I'm running libvirt 3.1.0 on a Debian 8 server. I installed apparmor and configured libvirt to use apparmor as security driver.
After booting a VM, virsh dumpxml shows an apparmor seclabel.
As soon as I try to attach a second disk to the VM, apparmor blocks this.
virsh attach-device test-vps /tmp/virshXmlDefinition
error: Failed to attach device from /tmp/virshXmlDefinition
error: operation failed: Could not open '/mnt/images/disk2.raw': Permission denied
Syslog shows me the following:
Mar 22 17:45:20 vps0 kernel: [1136647.318314] audit: type=1400 audit(1490201120.577:30): apparmor="DENIED" operation="open" profile="libvirt-5747e4db-a3b7-fd69-ca89-00007b0bf859" name="/mnt/images/disk2.raw" pid=13453 comm="kvm" requested_mask="r" denied_mask="r" fsuid=996 ouid=33
Mar 22 17:45:20 vps0 kernel: [1136647.325155] audit: type=1400 audit(1490201120.577:31): apparmor="DENIED" operation="open" profile="libvirt-5747e4db-a3b7-fd69-ca89-00007b0bf859" name="/mnt/images/disk2.raw" pid=13453 comm="kvm" requested_mask="rw" denied_mask="rw" fsuid=996 ouid=33
Mar 22 17:45:20 vps0 libvirtd[10282]: 2017-03-22 16:45:20.596+0000: 10283: error : qemuMonitorTextAddDrive:1968 : operation failed: Could not open '/mnt/images/disk2.raw': Permission denied
In the VM specific apparmor file /etc/apparmor.d/libvirt/libvirt-5747e4db-a3b7-fd69-ca89-00007b0bf859.files I see:
"/mnt/images/disk1.raw" rw,
Which is my primary VM disk, I expected a virsh attach-device to append /mnt/images/disk2.raw to this file and reload/refresh the apparmor profile?
I'm not able to attach a live disk to a running VM with apparmor. Am I missing something? Or is this a bug/missing feature in libvirt?
Thanks,
Frank
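
Added example, not part of the original thread and not libvirt code: a small triage script that parses the AppArmor DENIED audit records quoted above and reports which denied paths have no matching rule in the per-VM .files fragment. The function names and regexes are hypothetical, the sample inputs are constructed from the lines in the post, and permission masks are treated as plain sets of letters, which is a simplification.

```python
import re
from collections import defaultdict

# Constructed sample: the two denials from the post, each joined onto one line.
SAMPLE_LOG = """\
Mar 22 17:45:20 vps0 kernel: [1136647.318314] audit: type=1400 audit(1490201120.577:30): apparmor="DENIED" operation="open" profile="libvirt-5747e4db-a3b7-fd69-ca89-00007b0bf859" name="/mnt/images/disk2.raw" pid=13453 comm="kvm" requested_mask="r" denied_mask="r" fsuid=996 ouid=33
Mar 22 17:45:20 vps0 kernel: [1136647.325155] audit: type=1400 audit(1490201120.577:31): apparmor="DENIED" operation="open" profile="libvirt-5747e4db-a3b7-fd69-ca89-00007b0bf859" name="/mnt/images/disk2.raw" pid=13453 comm="kvm" requested_mask="rw" denied_mask="rw" fsuid=996 ouid=33
"""
# Constructed sample: the per-VM .files content quoted in the post.
SAMPLE_FILES = '"/mnt/images/disk1.raw" rw,\n'

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')           # key="quoted" or key=bare
RULE = re.compile(r'^\s*"([^"]+)"\s+([a-z]+),\s*$')     # "path" perms,

def parse_denials(log_text):
    """Yield one dict of key=value fields per AppArmor DENIED audit record."""
    for line in log_text.splitlines():
        if 'apparmor="DENIED"' not in line:
            continue
        yield {k: q if q else b for k, q, b in KV.findall(line)}

def load_rules(files_text):
    """Map path -> set of permission letters from a .files fragment."""
    rules = {}
    for line in files_text.splitlines():
        m = RULE.match(line)
        if m:
            rules.setdefault(m.group(1), set()).update(m.group(2))
    return rules

def missing_access(log_text, files_text):
    """Return {(profile, path): letters that were denied and have no rule}."""
    rules = load_rules(files_text)
    denied = defaultdict(set)
    for rec in parse_denials(log_text):
        denied[(rec["profile"], rec["name"])].update(rec["denied_mask"])
    gaps = {}
    for (profile, path), mask in denied.items():
        uncovered = mask - rules.get(path, set())
        if uncovered:
            gaps[(profile, path)] = "".join(sorted(uncovered))
    return gaps

if __name__ == "__main__":
    for (profile, path), mask in missing_access(SAMPLE_LOG, SAMPLE_FILES).items():
        print(f"{profile}: {path} denied '{mask}', no matching rule in .files")
```

On the constructed input it reports a single gap, `rw` on /mnt/images/disk2.raw, consistent with the .files fragment listing only disk1.raw.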