/etc/apparmor.d/usr.sbin.libvirt is the stock as installed via libvirt-bin at 1.2.8-0ubuntu4 . I've made no changes to /etc/apparmor.d/abstractions/libvirt-qemu running virsh start as show above does add the following to dmesg:
[394460.246874] audit_printk_skb: 6 callbacks suppressed [394460.246878] audit: type=1400 audit(1412090246.041:126): apparmor="STATUS" operation="profile_load" profile="unconfined" name="libvirt-de3582cd-f37d-484c-8dde-10727cad60c0" pid=1838 comm="apparmor_parser" [394460.247104] audit: type=1400 audit(1412090246.041:127): apparmor="STATUS" operation="profile_load" profile="unconfined" name="qemu_bridge_helper" pid=1838 comm="apparmor_parser" [394460.298262] audit: type=1400 audit(1412090246.093:128): apparmor="DENIED" operation="open" profile="libvirt-de3582cd-f37d-484c-8dde-10727cad60c0" name="/sys/firmware/devicetree/base/cpus/" pid=1840 comm="qemu-system-ppc" requested_mask="r" denied_mask="r" fsuid=107 ouid=0 [394460.298293] audit: type=1400 audit(1412090246.093:129): apparmor="DENIED" operation="open" profile="libvirt-de3582cd-f37d-484c-8dde-10727cad60c0" name="/sys/firmware/devicetree/base/cpus/" pid=1840 comm="qemu-system-ppc" requested_mask="r" denied_mask="r" fsuid=107 ouid=0 [394460.298307] audit: type=1400 audit(1412090246.093:130): apparmor="DENIED" operation="open" profile="libvirt-de3582cd-f37d-484c-8dde-10727cad60c0" name="/sys/firmware/devicetree/base/cpus/" pid=1840 comm="qemu-system-ppc" requested_mask="r" denied_mask="r" fsuid=107 ouid=0 [394460.298321] audit: type=1400 audit(1412090246.093:131): apparmor="DENIED" operation="open" profile="libvirt-de3582cd-f37d-484c-8dde-10727cad60c0" name="/sys/firmware/devicetree/base/cpus/" pid=1840 comm="qemu-system-ppc" requested_mask="r" denied_mask="r" fsuid=107 ouid=0 [394460.298353] audit: type=1400 audit(1412090246.093:132): apparmor="DENIED" operation="open" profile="libvirt-de3582cd-f37d-484c-8dde-10727cad60c0" name="/sys/firmware/devicetree/base/cpus/" pid=1840 comm="qemu-system-ppc" requested_mask="r" denied_mask="r" fsuid=107 ouid=0 [394460.298366] audit: type=1400 audit(1412090246.093:133): apparmor="DENIED" operation="open" profile="libvirt-de3582cd-f37d-484c-8dde-10727cad60c0" name="/sys/firmware/devicetree/base/cpus/" pid=1840 comm="qemu-system-ppc" requested_mask="r" denied_mask="r" fsuid=107 ouid=0 [394460.298379] audit: type=1400 audit(1412090246.093:134): apparmor="DENIED" operation="open" profile="libvirt-de3582cd-f37d-484c-8dde-10727cad60c0" name="/sys/firmware/devicetree/base/cpus/" pid=1840 comm="qemu-system-ppc" requested_mask="r" denied_mask="r" fsuid=107 ouid=0 [394460.298393] audit: type=1400 audit(1412090246.093:135): apparmor="DENIED" operation="open" profile="libvirt-de3582cd-f37d-484c-8dde-10727cad60c0" name="/sys/firmware/devicetree/base/cpus/" pid=1840 comm="qemu-system-ppc" requested_mask="r" denied_mask="r" fsuid=107 ouid=0
/etc/apparmor. d/usr.sbin. libvirt is the stock as installed via libvirt-bin at 1.2.8-0ubuntu4 . d/abstractions/ libvirt- qemu
I've made no changes to /etc/apparmor.
running virsh start as show above does add the following to dmesg:
[394460.246874] audit_printk_skb: 6 callbacks suppressed 6.041:126) : apparmor="STATUS" operation= "profile_ load" profile= "unconfined" name="libvirt- de3582cd- f37d-484c- 8dde-10727cad60 c0" pid=1838 comm="apparmor_ parser" 6.041:127) : apparmor="STATUS" operation= "profile_ load" profile= "unconfined" name="qemu_ bridge_ helper" pid=1838 comm="apparmor_ parser" 6.093:128) : apparmor="DENIED" operation="open" profile= "libvirt- de3582cd- f37d-484c- 8dde-10727cad60 c0" name="/ sys/firmware/ devicetree/ base/cpus/ " pid=1840 comm="qemu- system- ppc" requested_mask="r" denied_mask="r" fsuid=107 ouid=0 6.093:129) : apparmor="DENIED" operation="open" profile= "libvirt- de3582cd- f37d-484c- 8dde-10727cad60 c0" name="/ sys/firmware/ devicetree/ base/cpus/ " pid=1840 comm="qemu- system- ppc" requested_mask="r" denied_mask="r" fsuid=107 ouid=0 6.093:130) : apparmor="DENIED" operation="open" profile= "libvirt- de3582cd- f37d-484c- 8dde-10727cad60 c0" name="/ sys/firmware/ devicetree/ base/cpus/ " pid=1840 comm="qemu- system- ppc" requested_mask="r" denied_mask="r" fsuid=107 ouid=0 6.093:131) : apparmor="DENIED" operation="open" profile= "libvirt- de3582cd- f37d-484c- 8dde-10727cad60 c0" name="/ sys/firmware/ devicetree/ base/cpus/ " pid=1840 comm="qemu- system- ppc" requested_mask="r" denied_mask="r" fsuid=107 ouid=0 6.093:132) : apparmor="DENIED" operation="open" profile= "libvirt- de3582cd- f37d-484c- 8dde-10727cad60 c0" name="/ sys/firmware/ devicetree/ base/cpus/ " pid=1840 comm="qemu- system- ppc" requested_mask="r" denied_mask="r" fsuid=107 ouid=0 6.093:133) : apparmor="DENIED" operation="open" profile= "libvirt- de3582cd- f37d-484c- 8dde-10727cad60 c0" name="/ sys/firmware/ devicetree/ base/cpus/ " pid=1840 comm="qemu- system- ppc" requested_mask="r" denied_mask="r" fsuid=107 ouid=0 6.093:134) : apparmor="DENIED" operation="open" profile= "libvirt- de3582cd- f37d-484c- 8dde-10727cad60 c0" name="/ sys/firmware/ devicetree/ base/cpus/ " pid=1840 comm="qemu- system- ppc" requested_mask="r" denied_mask="r" fsuid=107 ouid=0 6.093:135) : apparmor="DENIED" operation="open" profile= "libvirt- de3582cd- f37d-484c- 8dde-10727cad60 c0" name="/ sys/firmware/ devicetree/ base/cpus/ " pid=1840 comm="qemu- system- ppc" requested_mask="r" denied_mask="r" fsuid=107 ouid=0
[394460.246878] audit: type=1400 audit(141209024
[394460.247104] audit: type=1400 audit(141209024
[394460.298262] audit: type=1400 audit(141209024
[394460.298293] audit: type=1400 audit(141209024
[394460.298307] audit: type=1400 audit(141209024
[394460.298321] audit: type=1400 audit(141209024
[394460.298353] audit: type=1400 audit(141209024
[394460.298366] audit: type=1400 audit(141209024
[394460.298379] audit: type=1400 audit(141209024
[394460.298393] audit: type=1400 audit(141209024