On 16/08/2018 10:38, Peter Krempa wrote: > To fix this you should record the backing format [1] into your overlay > image. If we'd relax the code we'd face the regression in the security > fix we've done. > > [1] qemu-img creage -f qcow2 -F qcow2 -b backing-qcow2 overlay.qcow2 > > -F option specifies the format of the backing file > Thanks a lot for your explanation, now I see that my proposal does not make any sense. Your suggestion works fine and virt-aa-helper produces correct output. Do you think this situation should ideally be diagnosed by higher-level tools such as virt-manager which right now emit a generic permission denied error? Maybe virt-aa-helper could also emit a comment into the apparmor profile saying something like "image.img has a backing image xyz.img but it was not probed because its format is not recorded into the overlay image"? Regards, Povilas -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
