Cockpit unable to attach second volume for guest machine

DevOps Mar 20, 2022

TL, DR. Disable AppArmor or SELinux, that will enables the volume to be mounted.

When using Cockpit to manage VMs, a problem occurs to me that it isn't able to attach a second volume. The owner group and user was also changed to root:root instead of libvirt-qemu:kvm.

I first tried to change the ownership manually using  chown, however, even if the ownership was changed, the problem still occurs, and no other solutions could be found on the internet, although some suggests to change the executer of virt-manager, but still got no luck.

Help - using Cockpit to create VM's. Won't allow a second .qcow2 disk to attach [permission denied] from linuxadmin
The post from Reddit

After kept searching, I found another possible cause of the problem, the SELinux. Since I run kvm in a Ubuntu host, it inspired me to investigate the AppArmor.

Unable to start KVM virtual machines with libvirt and AppArmor
Today, I had a weird error. After a reboot without any configuration changes some of the …

This post suggest that the issue can be resolved by simply remove the AppArmor profile, I did so, and it works perfectly on the start. But then I discovered all the other VMs won't starting. Finally and desperately, I disabled the AppArmor for KVM.

Libvirt · Wiki · AppArmor / apparmor
The AppArmor user space development project.

The security will surely decrease and I'm sure it is not a proper solution for this problem. But I think this post may provides some insights for other amaeturs like me when having this problem occurs. And I might take some time to learn AppArmor for thinking about a better solution later on.

Tags

Great! You've successfully subscribed.
Great! Next, complete checkout for full access.
Welcome back! You've successfully signed in.
Success! Your account is fully activated, you now have access to all content.