Cockpit unable to attach second volume for guest machine

DevOps Mar 20, 2022

TL, DR. Disable AppArmor or SELinux, which will enable the volume to be mounted.

When using Cockpit to manage VMs, a problem occurs to me that it isn't able to attach a second volume. The owner group and user were also changed to root:root instead of libvirt-qemu:kvm.

I first tried to change the ownership manually using  chown, however, even if the ownership was changed, the problem still occurs, and no other solutions could be found on the internet, although some suggest changing the executor of virt-manager, still got no luck.

Help - using Cockpit to create VM's. Won't allow a second .qcow2 disk to attach [permission denied] from linuxadmin
The post from Reddit

After kept searching, I found another possible cause of the problem, the SELinux. Since I run KVM in a Ubuntu host, it inspired me to investigate the AppArmor.

Unable to start KVM virtual machines with libvirt and AppArmor
Today, I had a weird error. After a reboot without any configuration changes some of the …

This post suggests that the issue can be resolved by simply removing the AppArmor profile, I did so, and it works perfectly from the start. But then I discovered all the other VMs won't start. Finally and desperately, I disabled the AppArmor for KVM.

Libvirt · Wiki · AppArmor / apparmor
The AppArmor user space development project.

The security will surely decrease and I'm sure it is not a proper solution for this problem. But I think this post may provide some insights for other amateurs like me when having this problem occurs. And I might take some time to learn AppArmor for thinking about a better solution later on.