[Pkg-libvirt-maintainers] Bug#1135534: libvirt-daemon: Apparmor blocks libvirt use and delete of external snapshots when non-default storage pool is used
ilGino
debian.sash087 at slmail.me
Sat May 2 11:26:32 BST 2026
Package: libvirt-daemon
Version: 12.2.0-1
Severity: normal
X-Debbugs-Cc: debian.sash087 at slmail.me
Dear Maintainer,
On a debian unstable using libvirt-daemon 12.2 which recently resolved similar bugs #932456 #1061725 #1093955.
But this appears to have resolved only if the default /var/lib/libvirt/images storage pool is used.
To reproduce the issue:
1. in virt-manager create new non-default storage pool of type 'dir', for example /test/newpool/
2. create or clone a VM with qcow2 volume on /test/newpool/
3. create an external snapshot, result OK
4. start VM, result fail with Apparmor deny
5. delete external snapshot via virt-manager, or via virsh snapshot-delete, same result fail with Apparmor deny
To double-check that it is not a filesystem persmission issue:
1. (not relevant)
2. create or clone a VM with qcow2 volume on default /var/lib/libvirt/images/ storage pool
3. create an external snapshot, result OK
4. start VM, result OK
5. stop VM, delete external snapshot via virt-manager, or via virsh snapshot-delete, result OK
To workaround the issue when using non-default storage pool, I added the following rule to the bottom of /etc/apparmor.d/abstractions/libvirt-qemu
/test/newpool/* rwk,
followed by
systemctl restart apparmor
But maybe there are more elegant and secure workarounds and fixes.
Regards
ilGino
More information about the Pkg-libvirt-maintainers
mailing list