I have an Ubuntu 12.04 Server that hosts several virtual machines. I want to make backups of these VM's using the snapshot mechanism.
The purpose of these snapshots is to have a backup on an external device. I am currently trying to simply create the backup in /var/tmp.
When I type
sudo virsh snapshot-create-as test-vm --memspec /var/tmp/test-vm-snapshot
I get the message
error: internal error: unable to execute QEMU command 'transaction': Could not open '/var/lib/libvirt/images/test-vm.img': Permission denied
I tried to solve this by temporarily giving read/write permissions (chmod og+rw) but then I get the same message.
I read that this is due to AppArmor, and this seems to be confirmed by the syslog. However, if I temporarily stop AppArmor, I still get the same error message, and the same entries in the syslog.
How can I create an internal backup of a VM to a specific file?
Best Answer
To get AppArmor (temporarily) out of the picture, I used
aa-complain
, which tells AppArmor to not enforce it's policy on some processes, but still make an entry in the log. This requiredsudo apt-get install apparmor-utils
.First, I used
sudo aa-status
to see which processes were in "enforced" mode. These relevant processes were libvirtd and the VM. Then I set these to "complain" mode and made the snapshot:In this way, a file "test-vm-snapshot" was created in /var/tmp.
Afterwards, I used
sudo aa-enforce
to put these processes back in "enforce" mode.But why
/etc/init.d/apparmor stop
didn't help, while the much more subtleaa-complain
did, is still beyond me...