[libvirt-users] Hotplug of disk devices in LXC failed with libvirt of version 1.0.2

[Gao feng]

On 07/17/2013 04:15 PM, Gao feng wrote:
> On 07/16/2013 01:29 PM, Guan Qiang wrote:
>> 于 2013/7/15 17:32, Gao feng 写道:
>>> On 07/15/2013 05:18 PM, hzguanqiang wrote:
>>>> Hi, Gao Feng
>>>>
>>>> I've tried what you said, but still exists the problem:
>>>>
>>>> ubuntu at lxc:~$ vir attach-disk instance-0000002c   /dev/dm-0 sdb
>>>> error: Failed to attach disk
>>>> error: Unable to create device /proc/10366/root/dev/sdb: Permission denied
>>>>
>>>> I think finding what it means by saying 'Unable to create device /proc/10366/root/dev/sdb: Permission denied' is the key.
>>>> But anyway, thanks for your help!
>>>>
>>> Do you have <idmap> configured for your lxc domain?
>>> I just posted a patchset to fix the problem that failed to create device when user namespace enabled.
>>>
>>> BTW, does it work well if you directly write the configuration to the xml of lxc domain?
>>>
>>> Thanks
>> Hi, Gao feng,
>>
>> I tried to write the configuration in the xml as you said, and it works.
>>
>> And I didn't set <idmap> configure for my lxc domain.  The xml content of my lxc domain is just as following:
>>
> ...
>> I still don't understand why I can't hotplug attach disk device for the lxc domain.
>> Expect more detailed answer, Thanks!
>>
> 
> it's because apparmor deny libvirt to create device node under directory /proc/10366/root/dev/.
> 
> I don't know if this will help you, you can have a try.
> 
> change the apparmor profile of libvirtd. check the /etc/apparmor.d/usr.sbin.libvirtd,
> and add /proc/ rw.

ln -s /etc/apparmor.d/usr.sbin.libvirtd /etc/apparmor.d/disable/ & /etc/init.d/apparmor restart should work,
but libvirtd will run out of apparmor's control.