Unfortunately, the error reporting in libvirt didn't make this easier, but the problem can be seen clearly with: $ cat /tmp/kolab-new.xml | /usr/lib/libvirt/virt-aa-helper -c --dryrun -u libvirt-79b2a347-7841-39df-8399-c072b05e7f6f libvir: Storage error : cannot open file '/libvirt/kolab.img': No such file or directory virt-aa-helper: warning: could not open path, skipping virt-aa-helper: warning: path does not exist, skipping file type checks virt-aa-helper: error: /libvirt/kolab.img virt-aa-helper: error: skipped restricted file virt-aa-helper: error: invalid VM definition
What is happening is that virt-aa-helper does some checks to make sure the image is in an ok place, and if it isn't, fails. Because you chose '/libvirt/kolab.img', this matches as a restricted path, as seen in virt-aa-helper.c: ... valid_path(const char *path, const bool readonly) { ... const char * const restricted[] = { "/bin/", "/etc/", "/lib", "/lost+found/", ... '/lib' is used instead of '/lib/' since we also want to match /lib32, /lib64 and anything else that might be a library path. As such, I am going to mark this as "Won't Fix" for now, but have made a note to improve the error feedback. As a workaround, simply set your NFS mountpoint to something other than '/libvirt'. I suggest something FHS compliant such as /srv/<server name>/libvirt. Thanks for reporting this error and please feel free to report any other bugs you might find in Ubuntu. ** Changed in: libvirt (Ubuntu) Status: Incomplete => Won't Fix ** Summary changed: - libvir: Security Labeling error : error calling aa_change_profile() + virt-aa-helper fails on disks with absolute paths starting with /lib -- virt-aa-helper fails on disks with absolute paths starting with /lib https://bugs.launchpad.net/bugs/654680 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs