Tracing and Profiling virsh should (tm) not change anything.
The Denial that was reported looks like:
apparmor="DENIED" operation="bind" profile="libvirtd" comm="libvirtd" ...
So virsh might connect to libvirtd daemon, but then the daemon does something that is denied.
If the issue is reproducible in your setup, then a good next step would be.
Assumption: let's say "virsh list" reproducibly causes the apparmor denials in dmesg
1. attach strace to the libvirt daemon process (check `systemctl status libvirtd` for the pid)
2. run "virsh list"
Report:
- the apparmor denial that was caused
- the strace output of the daemon
I'd hope we can find the call of libvirtd in that strace that causes the denial.
# Clarify what does happen #
Tracing and Profiling virsh should (tm) not change anything.
The Denial that was reported looks like:
apparmor="DENIED" operation="bind" profile="libvirtd" comm="libvirtd" ...
So virsh might connect to libvirtd daemon, but then the daemon does something that is denied.
If the issue is reproducible in your setup, then a good next step would be.
Assumption: let's say "virsh list" reproducibly causes the apparmor denials in dmesg
1. attach strace to the libvirt daemon process (check `systemctl status libvirtd` for the pid)
2. run "virsh list"
Report:
- the apparmor denial that was caused
- the strace output of the daemon
I'd hope we can find the call of libvirtd in that strace that causes the denial.