Comment 6 for bug 1513367

Serge Hallyn (serge-hallyn) wrote :

Can you show which libvirt version you are using?

Can you show the results of:

ls -l /etc/apparmor.d/libvirt
ls -l /proc /proc/self /proc/self/attr

And then run the following manual test:

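# Manual check that aa_change_profile() works on this host.
#
# Work in a private directory rather than directly in /tmp: the profile is
# loaded as root and the compiled helper is run as root, so neither file
# should live under a predictable name in a world-writable directory.
workdir=$(mktemp -d) && cd "$workdir"

# Deliberately tiny profile: it lets a process map the dynamic loader and
# libc and execute /usr/bin/head, and grants nothing else.
# The quoted 'EOF' keeps the shell from expanding anything in the heredoc.
cat > testprofile << 'EOF'
profile i_cant_be_trusted_anymore {
    /etc/ld.so.cache mr,
    /lib/ld-*.so* mrix,
    /lib/libc*.so* mr,
    /usr/bin/head ix,
}
EOF

# Helper program. It is written to aa_change_profile.c so that the gcc
# command below finds the file it is told to compile.
cat > aa_change_profile.c << 'EOF'
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <sys/apparmor.h>

/*
 * Switch to the test profile, then try to start a shell.
 * Prints the return value and errno of each step.
 */
int main(void)
{
    int ret, err;

    errno = 0;
    ret = aa_change_profile("i_cant_be_trusted_anymore");
    err = errno;    /* capture before any later call can overwrite it */
    printf("aa_change_profile returned %d %d\n", ret, err);

    /*
     * The profile has no rule for /bin/sh or /bin/bash, so if the switch
     * took effect this is expected to fail rather than give a shell.
     * system() returns a wait status, not a plain exit code.
     */
    errno = 0;      /* do not report a stale errno from the call above */
    ret = system("/bin/bash");
    err = errno;
    printf("bash returned %d %d\n", ret, err);
    return 0;
}
EOF

# Loading a profile needs root; -r replaces a copy left by an earlier run.
sudo apparmor_parser -r testprofile
sudo apt-get -y install libapparmor-dev
gcc -o aa_change_profile aa_change_profile.c -lapparmor

# NOTE: the helper calls system("/bin/bash") even when the profile change
# failed. In that case you get an unconfined root shell; type "exit" to
# return and let the remaining commands run.
sudo ./aa_change_profile
sudo strace -f ./aa_change_profile

# Clean up: unload the test profile and remove the scratch directory.
sudo apparmor_parser -R testprofile
cd / && rm -rf -- "${workdir:?}"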