Jianfeng Tang
2014-Aug-06 16:02 UTC
Re: [libvirt-users] Ubuntu Trusty: failed to create VM due to permission denied
Thank you Eric. Yes, it looks like AppArmor caused the problem. I will google on how to disable it. On 8/5/14 8:27 PM, "Eric Blake" <eblake@redhat.com> wrote:>On 08/05/2014 05:23 PM, Jianfeng Tang wrote: > >> >> However, if I moved my image file (not base image) to default location >> /var/lib/libvirt/images. It works. >> >> It seems something related to selinux. However, my box seems not have >> selinux installed at all. > >It's probably AppArmor, not SELinux; but the concepts are the same - if >you have a mandatory access control that libvirt can use, then you have >to make sure that non-default locations are permitted through your >control mechanism, in order for libvirt sVirt protections to work with >your layout. > >> >> Anyone knows how to fix this? > >Sadly, I don't use AppArmor myself to offer actual advice on it. > >-- >Eric Blake eblake redhat com +1-919-301-3266 >Libvirt virtualization library http://libvirt.org >
Eric Blake
2014-Aug-06 16:18 UTC
Re: [libvirt-users] Ubuntu Trusty: failed to create VM due to permission denied
On 08/06/2014 10:02 AM, Jianfeng Tang wrote:> Thank you Eric. Yes, it looks like AppArmor caused the problem. I will > google on how to disable it.That feels wrong. "My security process is preventing me from doing something wrong because I didn't configure it to match my usage patterns, so I'm going to disable security". Rather, you should google for how to add additional storage pools to what AppArmor will allow, so that you can continue to have a secure setup. (I feel the same way about people that complain that SELinux prevented them from doing something, so they disable SELinux instead of fixing their process to use SELinux correctly) -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
Jianfeng Tang
2014-Aug-06 19:09 UTC
Re: [libvirt-users] Ubuntu Trusty: failed to create VM due to permission denied
Agree. I did a little research. For those who hit this issue, it works after I modified /etc/apparmor.d/abstractions/libvirt-qemu to include the backing store directory. On 8/6/14 11:18 AM, "Eric Blake" <eblake@redhat.com> wrote:>On 08/06/2014 10:02 AM, Jianfeng Tang wrote: >> Thank you Eric. Yes, it looks like AppArmor caused the problem. I will >> google on how to disable it. > >That feels wrong. "My security process is preventing me from doing >something wrong because I didn't configure it to match my usage >patterns, so I'm going to disable security". Rather, you should google >for how to add additional storage pools to what AppArmor will allow, so >that you can continue to have a secure setup. (I feel the same way >about people that complain that SELinux prevented them from doing >something, so they disable SELinux instead of fixing their process to >use SELinux correctly) > >-- >Eric Blake eblake redhat com +1-919-301-3266 >Libvirt virtualization library http://libvirt.org >
Apparently Analagous Threads
- Re: Ubuntu Trusty: failed to create VM due to permission denied
- Re: Ubuntu Trusty: failed to create VM due to permission denied
- Ubuntu Trusty: failed to create VM due to permission denied
- Re: Does libvirt have API to detect image format
- Re: ubuntu virsh snapshot-create-as gives Error -22 while writing VM