Package: libvirt-daemon Version: 10.7.0-2 Severity: normal If libvirt-daemon-driver-lxc is not installed, libvirtd logs this on startup:
libvirtd[2085]: internal error: template '/etc/apparmor.d/libvirt/TEMPLATE.lxc' does not exist … and then apparently the logic to generate AppArmor profiles for QEMU VMs and enforce them is disabled. That was not obvious to me: I thought "OK, I don't have the LXC driver installed, so sure that file is missing, it's fine" and did not guess this would break a previously working security feature. I'm under the impression that this breakage happened recently, because just a few weeks ago I had AppArmor denials break stuff for 1 of my VMs, so it must have been working back then. -- System Information: Debian Release: trixie/sid APT prefers unstable APT policy: (990, 'unstable'), (2, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 6.10.9-amd64 (SMP w/12 CPU threads; PREEMPT) Kernel taint flags: TAINT_USER Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages libvirt-daemon depends on: ii libc6 2.40-2 ii libgcc-s1 14.2.0-4 ii libglib2.0-0t64 2.82.0-1 ii libtirpc3t64 1.3.4+ds-1.3 ii libvirt-common 10.7.0-2 ii libvirt-daemon-common 10.7.0-2 ii libvirt0 10.7.0-2 ii libxml2 2.12.7+dfsg-3+b1 ii logrotate 3.22.0-1 Versions of packages libvirt-daemon recommends: ii libvirt-daemon-driver-interface 10.7.0-2 ii libvirt-daemon-driver-lxc 10.7.0-2 ii libvirt-daemon-driver-network 10.7.0-2 ii libvirt-daemon-driver-nodedev 10.7.0-2 ii libvirt-daemon-driver-nwfilter 10.7.0-2 ii libvirt-daemon-driver-qemu 10.7.0-2 ii libvirt-daemon-driver-secret 10.7.0-2 ii libvirt-daemon-driver-storage 10.7.0-2 ii libvirt-daemon-driver-storage-disk 10.7.0-2 ii libvirt-daemon-driver-storage-iscsi 10.7.0-2 ii libvirt-daemon-driver-storage-logical 10.7.0-2 ii libvirt-daemon-driver-storage-mpath 10.7.0-2 ii libvirt-daemon-driver-storage-scsi 10.7.0-2 pn libvirt-daemon-driver-vbox <none> pn libvirt-daemon-driver-xen <none> ii libvirt-daemon-lock 10.7.0-2 ii libvirt-daemon-log 10.7.0-2 ii libvirt-daemon-plugin-lockd 10.7.0-2 ii libvirt-daemon-plugin-sanlock 10.7.0-2 Versions of packages libvirt-daemon suggests: pn libvirt-daemon-driver-storage-gluster <none> pn libvirt-daemon-driver-storage-iscsi-direct <none> pn libvirt-daemon-driver-storage-rbd <none> pn libvirt-daemon-driver-storage-zfs <none> ii libvirt-daemon-system 10.7.0-2 -- no debconf information
