Interestingly, /etc/apparmor.d/libvirt/libvirt-$uuid.files does have an entry allowing rw to the destination path:
"/mnt/x/x.qcow2" rw,
but still I get
Nov 6 21:29:47 kvm-s1 kernel: [ 1432.501141] type=1400 audit(1383769787.515:60): apparmor="STATUS" operation="profile_replace" parent=1382 profile="unconfined" name="libvirt-5d349701-09af-42be-b1b4-ef4b31de5792" pid=1383 comm="apparmor_parser" Nov 6 21:29:47 kvm-s1 kernel: [ 1432.502753] type=1400 audit(1383769787.515:61): apparmor="DENIED" operation="open" parent=1 profile="libvirt-5d349701-09af-42be-b1b4-ef4b31de5792" name="/mnt/x/x.qcow2" pid=1285 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=107 ouid=107
Interestingly, /etc/apparmor. d/libvirt/ libvirt- $uuid.files does have an
entry allowing rw to the destination path:
"/mnt/x/x.qcow2" rw,
but still I get
Nov 6 21:29:47 kvm-s1 kernel: [ 1432.501141] type=1400 audit(138376978 7.515:60) : apparmor="STATUS" operation= "profile_ replace" parent=1382 profile= "unconfined" name="libvirt- 5d349701- 09af-42be- b1b4-ef4b31de57 92" pid=1383 comm="apparmor_ parser" 7.515:61) : apparmor="DENIED" operation="open" parent=1 profile= "libvirt- 5d349701- 09af-42be- b1b4-ef4b31de57 92" name="/ mnt/x/x. qcow2" pid=1285 comm="qemu- system- x86" requested_mask="r" denied_mask="r" fsuid=107 ouid=107
Nov 6 21:29:47 kvm-s1 kernel: [ 1432.502753] type=1400 audit(138376978