“error: internal error: unable to execute QEMU command ‘transaction’: Could not create file: Permission denied” when creating a snapshot under KVM

debian buster brings apparmor. apparmor brings problems – eg it’s too restrictive for libvirt KVM guests and does not allow KVM to create snapshot-related files in VM’s folders.

root@virt1:~# virsh snapshot-create-as --domain rtr0b -name backup-rtr0 --no-metadata --atomic --disk-only --diskspec vda,snapshot=external --diskspec vdb,snapshot=external
error: internal error: unable to execute QEMU command 'transaction': Could not create file: Permission denied

so far i did not find a clean and generic way to address it so i had to disable apparmor for libvirt by adding security_driver = “none” in /etc/libvirt/qemu.conf ; vm-specific solutions that i’ve found are described here and here.

i hope to eventually find a proper way of relaxing security settings so apparmor is still on for libvirt yet snapshot files can be created.

Leave a Reply

Your email address will not be published. Required fields are marked *

 

(Spamcheck Enabled)