apparmor labelling not working with <disk type='volume'> pointing to local storage
Software environment
- Operating system: Debian testing
- Architecture: x86_64
- kernel version: 6.5.0
- libvirt version: 9.7.0
- Hypervisor and version: KVM
Description of problem
I cannot start my VM because it can't access the disk
sudo virsh start --domain home-assistant
error: Failed to start domain 'home-assistant'
error: internal error: process exited while connecting to monitor: 2023-10-07T06:59:13.664377Z qemu-system-x86_64: -blockdev {"driver":"file","filename":"/pool/zstd/vm/haos_ova_64g.qcow2","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}: Could not open '/pool/zstd/vm/haos_ova_64g.qcow2': Permission denied
voltagex@scratch:/pool/zstd/vm$ getfacl -e haos_ova_64g.qcow2
# file: haos_ova_64g.qcow2
# owner: voltagex
# group: libvirt-qemu
user::rwx
group::rwx
other::---
My user account is in the virtd
and kvm
groups although because this is a 'system' domain I didn't think this was the issue?
Steps to reproduce
- Sorry, I'm not sure - the storage pool is created by cockpit-machines but everything seems fine
Additional information
Edited by Adam Baxter