While adding this to /etc/apparmor.d/abstractions/libvirt-qemu certainly is a viable workaround:
/var/lib/libvirt/qemu/channel/target/* rw,
it is not the proper fix because it breaks guest isolation (guests can access other guests target files). Seems like virt-aa-helper should be adjusted to ascertain the name of the 'target' and update /etc/apparmor.d/libvirt/libvirt-<uuid>.files accordingly.
While adding this to /etc/apparmor. d/abstractions/ libvirt- qemu certainly is a viable workaround: lib/libvirt/ qemu/channel/ target/ * rw,
/var/
it is not the proper fix because it breaks guest isolation (guests can access other guests target files). Seems like virt-aa-helper should be adjusted to ascertain the name of the 'target' and update /etc/apparmor. d/libvirt/ libvirt- <uuid>. files accordingly.