Comment 23 for bug 1432644

George, if you want to allow the lttng accesses, edit /etc/apparmor.d/libvirt/TEMPLATE and the other similar profiles in /etc/apparmor.d/libvirt/ and add:

  /run/shm/lttng-ust-wait-5 rw,

Then run apparmor_parser --replace $(ls -1 /etc/apparmor.d/libvirt/libvirt* | grep -v files)

This does allow for cross-domain contamination. If you want to deny these accesses instead you can prepend "deny" to that rule above; I don't know if libvirt handles that gracefully or not, but it would prevent cross-domain contamination.

Thanks