On 10/21/22 15:30, Gionatan Danti wrote:

Hi all, due to this [1] I am trying to change a guest's disk definition from "pool volume" to "file" via hook scripts.

This is downright libvirt bug and needs to be fixed. For the libvirt developers on CC: when starting a domain, the QEMU driver sets disk src->path to the actual file path in virDomainDiskTranslateSourcePool() which is called from qemuProcessPrepareDomainStorage(). I'm not sure whether the virt-aa helper sees the translated path in the XML though. So maybe something as trivial as the following might help? diff --git i/src/security/virt-aa-helper.c w/src/security/virt-aa-helper.c index a15971b9bb..f42c3f9a42 100644 --- i/src/security/virt-aa-helper.c +++ w/src/security/virt-aa-helper.c @@ -904,6 +904,7 @@ get_files(vahControl * ctl) #ifdef WITH_STORAGE virDriverLoadModule("storage", "storageRegister", false); #endif + virDomainDiskTranslateSourcePool(ctl->def); for (i = 0; i < ctl->def->ndisks; i++) { virDomainDiskDef *disk = ctl->def->disks[i];

This seems an easy task via virsh detach-disk and virsh attach-disk, but virsh can not be called inside libvirt hook scripts. The best approach would be to change the disk definition right when a disk is attached, but I can not find any event calling a hook script when a disk is attache/detached.

You don't want to translate the path yourself. Libvirt has extensive code for that.

Do you have any suggestion short of monitoring the directory /etc/libvirt/qemu itself for changed files? Thanks.

These are not the only files where libvirt stores its configuration. For instance, if I'd 'virsh attach-device --live' then this new device won't appear in the XML stored under /etc/libvirt/qemu. I hope we can resolve this libvirt bug soon and you can use fixed version. Michal