I'd agree and work on adding the rule upstream and into Ubuntu, but what I need to do is help to understand "why this triggers for you".
I run libvirt locally and in many tests, but so far have never seen this apparmor denial.
Although if it is a non-fatal bug it is easier to miss ...
The linked Debian bug (thanks paride) has a bit more detail on how to trigger it.
But the bug is also almost a year old and no one else has hit this, ... that is odd.
I've set up an L1 guest with an extra disk as a scsi disk:
<disk type='file' device='disk'>
  <driver name='qemu' type='qcow2'/>
  <source file='/var/lib/uvtool/libvirt/images/testguest-scsi-ephem-00.qcow'/>
  <target dev='sda' bus='scsi'/>
  <address type='drive' controller='0' bus='0' target='0' unit='0'/>
</disk>
...
<controller type='scsi' index='0' model='virtio-scsi'>
  <address type='pci' domain='0x0000' bus='0x0a' slot='0x01' function='0x0'/>
</controller>
In the guest that appears as scsi disk, here from lshw:
*-scsi
description: SCSI storage controller
product: Virtio SCSI
vendor: Red Hat, Inc.
physical id: 1
bus info: pci@0000:07:01.0
version: 00
width: 64 bits
clock: 33MHz
capabilities: scsi msix bus_master cap_list
configuration: driver=virtio-pci latency=0
resources: irq:23 ioport:c000(size=64) memory:fc000000-fc000fff memory:fe000000-fe003fff
*-disk
description: SCSI Disk
product: QEMU HARDDISK
vendor: QEMU
physical id: 0.0.0
bus info: scsi@0:0.0.0
logical name: /dev/sda
version: 2.5+
size: 4GiB (4294MB)
capabilities: 5400rpm
configuration: ansiversion=5 logicalsectorsize=512 sectorsize=512
*-sata
description: SATA controller
product: 82801IR/IO/IH (ICH9R/DO/DH) 6 port SATA Controller [AHCI mode]
vendor: Intel Corporation
physical id: 1f.2
bus info: pci@0000:00:1f.2
version: 02
width: 32 bits
clock: 33MHz
capabilities: sata msi ahci_1.0 bus_master cap_list
configuration: driver=ahci latency=0
resources: irq:41 ioport:d060(size=32) memory:fd41b000-fd41bfff
Using that to define another guest:
<disk type='block' device='disk'>
  <driver name='qemu' type='raw'/>
  <source dev='/dev/sda'/>
  <target dev='sda' bus='scsi'/>
</disk>
<controller type='scsi' index='0' model='virtio-scsi'/>
But with that the guest starts fine and no apparmor denial shows up.
Could you help by outlining how you configure your host and guest so that this issue triggers?
Only then do we have a use case that we can tie to the new apparmor rule to allow this.