After upgrading to busters, my VMs fail to start:
virsh --connect qemu:///system start Feigenbaum
error: Failed to start domain Feigenbaum
error: internal error: process exited while connecting to monitor:
2019-07-08T11:32:00.290494Z qemu-system-x86_64: --object
secret,id=sec0,file=/etc/libvirt/secret/Feigenbaum.secret: Unable to
read /etc/libvirt/secret/Feigenbaum.secret: Failed to open file
“/etc/libvirt/secret/Feigenbaum.secret”: Permission denied
The VMs are encrypted and /etc/libvirt/secret/ contains the key files
for decryption.
I suspect apparmor to cause the problem, thus I extended the profile:
/etc/apparmor.d/usr.lib.libvirt.virt-aa-helper to include the following
lines:
/etc/libvirt/secrets/** rw,
/etc/libvirt/secrets/ r,
after parsing the profile with
sudo apparmor_parser -r /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper
The "premission denied" still occurs.
