qemu with pool/volume storage: Could not open ‘xxxxxxx’: Permission denied

Volume information:

# virsh vol-list test
 Name                 Path                                    
------------------------------------------------------------------------------
 test.qcow2           /virt/test.qcow2

Virtual machine disk configuration:

# virsh dumpxml Test
...
    <disk type='volume' device='disk'>
      <driver name='qemu' type='qcow2'/>
      <source pool='test' volume='test.qcow2'/>
      <target dev='vda' bus='virtio'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
    </disk>
...

Start the virtual machine:

# virsh start Test
error: Failed to start domain Test
error: internal error: process exited while connecting to monitor: 2019-02-06T12:54:47.722297Z qemu-system-x86_64: -drive file=/virt/test.qcow2,format=qcow2,if=none,id=drive-virtio-disk0: Could not open '/virt/test.qcow2': Permission denied

Check syslog:

# cat /var/log/syslog
...
kernel: [ 6551.331932] audit: type=1400 audit(1549457961.800:209): apparmor="DENIED" operation="open" profile="libvirt-5831a051-78ee-43b4-a15d-6e520b1b3ab7" name="/virt/test.qcow2" pid=27204 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
...
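
A triage helper for the denial shown above, as an added example that is not part of the original post: it parses AppArmor audit records, keeps the denials on per-domain libvirt-<UUID> profiles, and matches each denied path against the backing files of the domain's type='volume' disks. The second audit line, the trimmed domain XML wrapper, the VOLUME_PATHS mapping and all function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed inputs. The first audit line, the <disk> element (trimmed) and the
# volume path come from the post; the second audit line is made up for contrast.
SYSLOG = """\
kernel: [ 6551.331932] audit: type=1400 audit(1549457961.800:209): apparmor="DENIED" operation="open" profile="libvirt-5831a051-78ee-43b4-a15d-6e520b1b3ab7" name="/virt/test.qcow2" pid=27204 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
kernel: [ 6552.000000] audit: type=1400 audit(1549457962.100:211): apparmor="DENIED" operation="open" profile="/usr/sbin/cupsd" name="/etc/shadow" pid=900 comm="cupsd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
"""
DOMAIN_XML = """<domain><devices>
  <disk type='volume' device='disk'>
    <source pool='test' volume='test.qcow2'/>
    <target dev='vda' bus='virtio'/>
  </disk>
</devices></domain>"""
VOLUME_PATHS = {("test", "test.qcow2"): "/virt/test.qcow2"}  # from `virsh vol-list test`

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
PROFILE = re.compile(r"libvirt-([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})$")

def audit_fields(line):
    """Split an audit record into key/value pairs, quoted or bare."""
    fields = {key: quoted or bare for key, quoted, bare in KV.findall(line)}
    # The kernel logs paths containing spaces or quotes as bare hex; decode those.
    name = fields.get("name", "")
    if f'name="{name}"' not in line and re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", name):
        fields["name"] = bytes.fromhex(name).decode("utf-8", "replace")
    return fields

def libvirt_denials(log_text):
    """Yield (domain_uuid, path, denied_mask) for denials on libvirt-<uuid> profiles."""
    for line in log_text.splitlines():
        f = audit_fields(line)
        m = PROFILE.match(f.get("profile", ""))
        if f.get("apparmor") == "DENIED" and m and "name" in f:
            yield m.group(1), f["name"], f.get("denied_mask", "")

def volume_backed_denials(log_text, domain_xml, volume_paths):
    """Return denials whose path is the backing file of a type='volume' disk."""
    disks = {}
    for disk in ET.fromstring(domain_xml).iterfind(".//disk[@type='volume']"):
        src, tgt = disk.find("source"), disk.find("target")
        path = volume_paths.get((src.get("pool"), src.get("volume")))
        if path:
            disks[path] = tgt.get("dev")
    return [(uuid, path, mask, disks[path])
            for uuid, path, mask in libvirt_denials(log_text) if path in disks]
```

On the inputs from the post, `volume_backed_denials(SYSLOG, DOMAIN_XML, VOLUME_PATHS)` ties the denied read of /virt/test.qcow2 to the vda disk of domain 5831a051-78ee-43b4-a15d-6e520b1b3ab7.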

There does not seem to be a good way to solve this problem.

One option is to stop using type='volume' and switch to type='file'.

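Another option is to disable AppArmor for libvirt by setting security_driver to "none", which turns off the per-domain confinement of every QEMU guest on the host: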

# vim /etc/libvirt/qemu.conf
...
security_driver = "none"
...
# systemctl restart libvirtd
