Again at: sudo virsh start yakkety-doubleseclabel error: Failed to start domain yakkety-doubleseclabel error: internal error: cannot load AppArmor profile 'libvirt-8746b00d-aad1-4346-8784-2d4331465153'
In the log I found the related: Okt 27 13:45:50 horsea libvirtd[10370]: internal error: Child process (LIBVIRT_LOG_OUTPUTS=3:stderr /usr/lib/libvirt/virt-aa-helper -p 0 -r -u libvirt-8746b00d-aad1-4346-8784-2d4331465153) unexpected exit status 1: 2016-10-27 13:45:20.873+0000: 10640: info : libvirt version: 2.1.0, package: 1ubuntu10~ppa3 (Christian Ehrhardt <christian.ehrha...@canonical.com> Mon, 24 Oct 2016 14:21:36 +0200) 2016-10-27 13:45:20.873+0000: 10640: info : hostname: horsea 2016-10-27 13:45:20.873+0000: 10640: error : virSecurityLabelDefParseXML:6473 : XML error: security label is missing virt-aa-helper: error: could not parse XML virt-aa-helper: error: could not get VM definition Okt 27 13:45:50 horsea libvirtd[10370]: internal error: cannot load AppArmor profile 'libvirt-8746b00d-aad1-4346-8784-2d4331465153' Okt 27 13:45:50 horsea virtlogd[7706]: End of file while reading data: Input/output error I also found that adding dac alone is enough to trigger: $ virsh dumpxml yakkety-doubleseclabel | grep -A 20 '<seclabel' <seclabel type='dynamic' model='apparmor' relabel='yes'/> <seclabel type='dynamic' model='dac' relabel='yes'/> </domain> => Failing $ virsh dumpxml yakkety-sec-app | grep -A 20 seclabel <seclabel type='dynamic' model='apparmor' relabel='yes'/> </domain> => Working $ virsh dumpxml yakkety-sec-dac | grep -A 20 seclabel <seclabel type='dynamic' model='dac' relabel='yes'/> </domain> => Failing just as much as case 1, maybe because apparmor is default on. Trying to check the /usr/lib/libvirt/virt-aa-helper in those cases, but since it is not meant to be called directly that is a bit tricky. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1633207 Title: VM fails to start with dac security driver added To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1633207/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs