An Ubuntu Pro customer has reproduced this issue on Focal, where a domain user cannot run 'virsh list'.
domain-user@HOST:~$ virsh list --all
error: failed to connect to the hypervisor
error: End of file while reading data: Input/output error
syslog:
libvirtd[23069]: Failed to open file '/sys/kernel/security/apparmor/profiles': Permission denied
libvirtd[23069]: Failed to read AppArmor profiles list '/sys/kernel/security/apparmor/profiles': Permission denied
libvirtd[23069]: Failed to open file '/sys/kernel/security/apparmor/profiles': Permission denied
libvirtd[23069]: Failed to read AppArmor profiles list '/sys/kernel/security/apparmor/profiles': Permission denied
systemd[2928]: Started D-Bus User Message Bus.
dbus-daemon[23092]: [session uid=1000 pid=23092] AppArmor D-Bus mediation is enabled
dbus-daemon[23092]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/freedesktop/DBus" interface="org.freedesktop.DBus" member="Hello" mask="send" name="org.freedesktop.DBus" pid=23069 label="libvirtd" peer_label="unconfined"
libvirtd[23069]: internal error: Unable to get DBus session bus connection: An AppArmor policy prevents this sender from sending this message to this recipient; type="method_call", sender="(null)" (inactive) interface="org.freedesktop.DBus" member="Hello" error name="(unset)" requested_reply="0" destination="org.freedesktop.DBus" (bus)
kernel: [ 184.634412] audit: type=1400 audit(1692758554.332:50): apparmor="DENIED" operation="capable" profile="libvirtd" pid=2483 comm="libvirtd" capability=17 capname="sys_rawio"
kernel: [ 413.761114] audit: type=1400 audit(1692760194.668:421): apparmor="DENIED" operation="capable" profile="libvirtd" pid=2590 comm="libvirtd" capability=17 capname="sys_rawio"
kernel: [ 514.808354] audit: type=1400 audit(1692760295.712:518): apparmor="DENIED" operation="bind" profile="libvirtd" pid=4644 comm="rpc-libvirtd" family="unix" sock_type="dgram" protocol=0 requested_mask="bind" denied_mask="bind" addr="@userdb-a"
kernel: [ 522.743590] audit: type=1400 audit(1692760303.648:521): apparmor="DENIED" operation="bind" profile="libvirtd" pid=5166 comm="rpc-libvirtd" family="unix" sock_type="dgram" protocol=0 requested_mask="bind" denied_mask="bind" addr="@userdb-4"
kernel: [ 632.217763] audit: type=1400 audit(1692760413.122:523): apparmor="DENIED" operation="bind" profile="libvirtd" pid=5279 comm="rpc-libvirtd" family="unix" sock_type="dgram" protocol=0 requested_mask="bind" denied_mask="bind" addr="@userdb-e"
kernel: [ 772.196074] audit: type=1400 audit(1692760553.101:536): apparmor="DENIED" operation="bind" profile="libvirtd" pid=5395 comm="rpc-libvirtd" family="unix" sock_type="dgram" protocol=0 requested_mask="bind" denied_mask="bind" addr="@userdb-1"
kernel: [ 955.224553] audit: type=1400 audit(1692760736.123:710): apparmor="DENIED" operation="bind" profile="libvirtd" pid=5739 comm="rpc-libvirtd" family="unix" sock_type="dgram" protocol=0 requested_mask="bind" denied_mask="bind" addr="@userdb-7"
The customer also confirmed that running the steps below can fix the issue.
echo "network unix dgram," | sudo tee -a /etc/apparmor.d/local/usr.sbin.libvirtd
sudo apparmor_parser -r -W -T /etc/apparmor.d/usr.sbin.libvirtd
sudo systemctl restart libvirtd
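
An added example, not part of the original report and not libvirt or AppArmor tooling: a small Python triage script that parses AppArmor DENIED records like those in the syslog above and groups them by the coarse profile rule each one corresponds to, showing how the unix dgram bind denials line up with the `network unix dgram,` rule. The function names and the denial-to-rule mapping are assumptions for illustration, and the rules it prints are candidates for review before anything is added to a profile.

```python
import re
from collections import Counter

# Constructed sample: four denial records copied from the report above.
SAMPLE_LOG = '''\
kernel: [ 184.634412] audit: type=1400 audit(1692758554.332:50): apparmor="DENIED" operation="capable" profile="libvirtd" pid=2483 comm="libvirtd" capability=17 capname="sys_rawio"
kernel: [ 514.808354] audit: type=1400 audit(1692760295.712:518): apparmor="DENIED" operation="bind" profile="libvirtd" pid=4644 comm="rpc-libvirtd" family="unix" sock_type="dgram" protocol=0 requested_mask="bind" denied_mask="bind" addr="@userdb-a"
kernel: [ 522.743590] audit: type=1400 audit(1692760303.648:521): apparmor="DENIED" operation="bind" profile="libvirtd" pid=5166 comm="rpc-libvirtd" family="unix" sock_type="dgram" protocol=0 requested_mask="bind" denied_mask="bind" addr="@userdb-4"
dbus-daemon[23092]: apparmor="DENIED" operation="dbus_method_call" bus="session" path="/org/freedesktop/DBus" interface="org.freedesktop.DBus" member="Hello" mask="send" name="org.freedesktop.DBus" pid=23069 label="libvirtd" peer_label="unconfined"
'''

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key="quoted value" or key=bare

def parse_denial(line):
    """Return the key=value fields of an AppArmor DENIED record, else None."""
    if 'apparmor="DENIED"' not in line:
        return None
    return {k: (q if q else u) for k, q, u in KV.findall(line)}

def candidate_rule(f):
    """Map one denial to a coarse profile rule for human review (None if unmapped)."""
    if f.get("operation") == "capable" and "capname" in f:
        return f"capability {f['capname']},"
    if "family" in f and "sock_type" in f:
        # Same rule form as the line the customer appended to the local profile.
        return f"network {f['family']} {f['sock_type']},"
    return None

def summarize(log_text):
    """Count denials per (profile, candidate rule); unmapped ones keep their operation."""
    counts = Counter()
    for line in log_text.splitlines():
        f = parse_denial(line)
        if f is None:
            continue
        # Kernel audit records carry profile=, dbus-daemon records carry label=.
        profile = f.get("profile") or f.get("label", "?")
        rule = candidate_rule(f) or f"# unmapped: {f.get('operation')}"
        counts[(profile, rule)] += 1
    return counts

if __name__ == "__main__":
    for (profile, rule), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {profile:10s}  {rule}")
```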