virsh snapshot-create-as gives "unable to execute QEMU command `transaction`"
I have an Ubuntu 12.04 Server that hosts several virtual machines. I want to make backups of these VM's using the snapshot mechanism.
The purpose of these snapshots is to have a backup on an external device. I am currently trying to simply create the backup in /var/tmp.
When I type
sudo virsh snapshot-create-as test-vm --memspec /var/tmp/test-vm-snapshot
I get the message
error: internal error: unable to execute QEMU command 'transaction': Could not open '/var/lib/libvirt/images/test-vm.img': Permission denied
I tried to solve this by temporarily giving read/write permissions (chmod og+rw) but then I get the same message.
I read that this is due to AppArmor, and this seems to be confirmed by the syslog. However, if I temporarily stop AppArmor, I still get the same error message, and the same entries in the syslog.
How can I create an internal backup of a VM to a specific file?
Solution 1:
To get AppArmor (temporarily) out of the picture, I used aa-complain
, which tells AppArmor to not enforce it's policy on some processes, but still make an entry in the log. This required sudo apt-get install apparmor-utils
.
First, I used sudo aa-status
to see which processes were in "enforced" mode. These relevant processes were libvirtd and the VM.
Then I set these to "complain" mode and made the snapshot:
sudo aa-complain /usr/sbin/libvirtd
sudo aa-complain /etc/apparmor.d/libvirt/libvirt-20683be9-691f-42f2-9fd7-7f44ab423c1e
sudo virsh snapshot-create-as test-vm --memspec /var/tmp/test-vm-snapshot
In this way, a file "test-vm-snapshot" was created in /var/tmp.
Afterwards, I used sudo aa-enforce
to put these processes back in "enforce" mode.
But why /etc/init.d/apparmor stop
didn't help, while the much more subtle aa-complain
did, is still beyond me...