While debugging I found the first level of oddities that I'll continue on and hopefully gives us a solution (or at least eliminate one roadblock).
I think I found that things work with the error described in the bug on Xenial->Yakkety upgraded systems. But on all others I see: error: unsupported configuration: Unable to find security driver for model apparmor That would explain the reproducibility fuzz a bit. After realizing that I checked logs: internal error: template '/etc/apparmor.d/libvirt/TEMPLATE.qemu' does not exist internal error: template '/etc/apparmor.d/libvirt/TEMPLATE.qemu' does not exist unsupported configuration: Security driver apparmor not enabled internal error: template '/etc/apparmor.d/libvirt/TEMPLATE.qemu' does not exist Now checking for those files is even more strange. $ dpkg -S /etc/apparmor.d/libvirt/TEMPLATE.qemu libvirt-daemon-system: /etc/apparmor.d/libvirt/TEMPLATE.qemu sudo apt-get install --reinstall libvirt-daemon-system ll /etc/apparmor.d/libvirt/TEMPLATE.qemu ls: cannot access '/etc/apparmor.d/libvirt/TEMPLATE.qemu': No such file or directory I guess we have those things here: 1. no proper handling of conffile changes due to the switch to the upstream provided apparmor profiles 2. on upgraded systems old&new somehow conflict 3. on new Yakkety apparmor seclabel doesn't work at all Going on with debugging tomorrow. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1633207 Title: VM fails to start with dac security driver added To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1633207/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
