Make scripts work with Ubuntu apparmor

[kayrus]

Running scripts without sudo with the images directory inside user homedir causes this error message:

Starting install...
ERROR    internal error: process exited while connecting to monitor: qemu-system-x86_64: -drive file=/home/user/.libvirt/centos/centos1.qcow2,if=none,id=drive-virtio-disk0,format=qcow2: could not open disk image /home/user/.libvirt/centos/centos1.qcow2: Could not open backing file: Could not open '/home/user/.libvirt/centos/CentOS-7-x86_64-GenericCloud.img': Permission denied

Even when this directory has read permissions.

These commands resolve the issue:

$ sudo apt-get install apparmor-profiles apparmor-utils
$ sudo aa-complain /usr/lib/libvirt/virt-aa-helper

[kayrus]

Some info could be found here https://libvirt.org/drvqemu.html#securitysvirtaa

[kayrus]

Looks like problem relates to this issue: https://www.redhat.com/archives/libvir-list/2014-September/msg00466.html and this: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/656173

Image probing doesn't work even when you set allow_disk_format_probing = 1 inside /etc/libvirt/qemu.conf

[kayrus]

Workaround:

echo "  /home/user/.libvirt/**/** r," | sudo tee -a /etc/apparmor.d/abstractions/libvirt-qemu

[kayrus]

If we use ~/libvirt instead of ~/.libvirt - apparmor works. This is caused by /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper rule which denies any access to the hidden (dot-prefixed) files audit deny @{HOME}/.*/** mrwkl.

So the fix is to rename ".libvirt" dir into "libvirt" one. And it is not necessary to enable allow_disk_format_probing = 1. Fixed here: https://github.com/kayrus/scripts/commit/fd6188a083ed707b3915dbe6cf9057f84c58f6fe

[kayrus]

Also relates to: https://github.com/adrahon/vagrant-kvm/issues/130