Ubuntu 12.04, apparmor and libvirt live external snapshots

So I was running into an issue where our Ubuntu machines would not allow live external snapshots via libvirt virsh snapshot-create-as "" --diskspec vda,file= --disk-only. *Note the lack of the “–atomic” option, which is certainly recommended in a mission-critical environment, as it ensures the snapshot completely correctly and dies if it does not — this is due to running an older version of libvirt (0.9.8) because we’re using Precise Pangolin.

agoree@computing-node-3:/var/lib/libvirt/images$ virsh snapshot-create-as fedora-guest2 snap1-fedora-guest2 "1st virsh snap of fedora-guest2" --diskspec vda,file=/var/lib/libvirt/images/snap2-fedora-guest2.img --disk-only
error: internal error unable to execute QEMU command 'blockdev-snapshot-sync': An undefined error has ocurred

The error lead me to this bug report, along with these helpful blog posts.

I ended up simply creating this file:

agoree@computing-node-3:~$ cat /etc/apparmor.d/local/abstraction-libvirt-storage 
"/var/lib/libvirt/images/*" rw,

Then added an include for it in /etc/apparmor.d/libvirt/TEMPLATE, like so:

agoree@computing-node-3:~$ cat /etc/apparmor.d/libvirt/TEMPLATE 
# This profile is for the domain whose UUID matches this file.

#include <tunables/global>

  #include <abstractions/libvirt-qemu>
  #include <local/abstraction-libvirt-storage>

After a reboot, all worked fine. Next up, using a newer libvirt version on Precise Pangolin for better live snapshot support (namely, “–atomic” option and “virsh blockpull” command to consolidate imgs/snaps).