我有带 qemu/kvm 的 Ubuntu 服务器。我尝试使用 libvirt 创建快照(用于进一步备份)并收到此错误:
# virsh snapshot-create-as --domain 56 --name copy_snap --no-metadata --disk-only --atomic --diskspec vda,snapshot=external,file=/path/to/snapshot
error: internal error: cannot update AppArmor profile 'libvirt-429060e6-88af-4515-b028-e5c9493a926a'
在日记中:
# journalctl -f
Dec 10 16:09:02 gamma libvirtd[23795]: internal error: Child process (/usr/lib/libvirt/virt-aa-helper -p 0 -r -u libvirt-429060e6-88af-4515-b028-e5c9493a926a -f /home/v.pastushenko/wiki.snap) unexpected exit status 1: virt-aa-helper: error: /var/lib/libvirt/qemu/channel/target/C7-Wiki.org.qemu.guest_agent.0
virt-aa-helper: error: skipped restricted file
virt-aa-helper: error: invalid VM definition
Dec 10 16:09:02 gamma libvirtd[23795]: internal error: cannot update AppArmor profile 'libvirt-429060e6-88af-4515-b028-e5c9493a926a'
Dec 10 16:09:02 gamma libvirtd[23795]: internal error: Child process (/usr/lib/libvirt/virt-aa-helper -p 0 -r -u libvirt-429060e6-88af-4515-b028-e5c9493a926a) unexpected exit status 1: virt-aa-helper: error: /var/lib/libvirt/qemu/channel/target/C7-Wiki.org.qemu.guest_agent.0
virt-aa-helper: error: skipped restricted file
virt-aa-helper: error: invalid VM definition
Dec 10 16:09:02 gamma libvirtd[23795]: internal error: cannot update AppArmor profile 'libvirt-429060e6-88af-4515-b028-e5c9493a926a'
在 dmesg 日志中我没有看到来自 AppArmor 的任何拒绝消息。
软件版本:
# uname -a
Linux gamma 3.19.0-30-generic #34-Ubuntu SMP Fri Oct 2 22:08:41 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
# kvm --version
QEMU emulator version 2.2.0 (Debian 1:2.2+dfsg-5expubuntu9.6), Copyright (c) 2003-2008 Fabrice Bellard
# dpkg -l | grep libvirt-bin
ii libvirt-bin 1.2.12-0ubuntu14.2 amd64 programs for the libvirt library
我认为我需要向 AppArmor 添加一些规则,以允许 libvirt 更新其配置文件。但我对 dmesg 中缺少审计日志感到困惑。有人知道如何解决这个问题吗?
答案1
您的 libvirt 版本似乎已过时或安装不正确:最新版本的发行版中包含 app armor 配置脚本。请检查 /etc/apparmor.d/libvirt/ 中是否有文件