<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <style type="text/css" style="display:none;"></style> </head> <body dir="ltr"> <div id="divtagdefaultwrapper" style="font-size:12pt;color:#000000;font-family:Calibri,Arial,Helvetica,sans-serif;" dir="ltr"> Hello, I'm running libvirt 3.1.0 on a Debian 8 server. I installed apparmor and configured libvirt to use apparmor as security driver. After booting a VM, virsh dumpxml shows an apparmor seclabel. As soon as I try to attach a second disk to the VM, apparmor blocks this. virsh attach-device test-vps /tmp/virshXmlDefinition error: Failed to attach device from /tmp/virshXmlDefinition error: operation failed: Could not open '/mnt/images/disk2.raw': Permission denied Syslogs shows me the following: Mar 22 17:45:20 vps0 kernel: [1136647.318314] audit: type=1400 audit(1490201120.577:30): apparmor="DENIED" operation="open" profile="libvirt-5747e4db-a3b7-fd69-ca89-00007b0bf859" name="/mnt/images/disk2.raw" pid=13453 comm="kvm" requested_mask="r" denied_mask="r" fsuid=996 ouid=33 Mar 22 17:45:20 vps0 kernel: [1136647.325155] audit: type=1400 audit(1490201120.577:31): apparmor="DENIED" operation="open" profile="libvirt-5747e4db-a3b7-fd69-ca89-00007b0bf859" name="/mnt/images/disk2.raw" pid=13453 comm="kvm" requested_mask="rw" denied_mask="rw" fsuid=996 ouid=33 Mar 22 17:45:20 vps0 libvirtd[10282]: 2017-03-22 16:45:20.596+0000: 10283: error : qemuMonitorTextAddDrive:1968 : operation failed: Could not open '/mnt/images/disk2.raw': Permission denied In the VM specific apparmor file /etc/apparmor.d/libvirt/libvirt-5747e4db-a3b7-fd69-ca89-00007b0bf859.files I see: "/mnt/images/disk1.raw" rw, Which is my primary VM disk, I expected a virsh attach-device to append /mnt/images/disk2.raw to this file and reload/refresh the apparmor profile? I'm not able to attach a live disk to a running VM with apparmor. Am I missing something? Or is this a bug/missing feature in libvirt? Thanks, Frank </div> </body> </html>