Comment 0 for bug 1641618

Libvirt qemu-kvm guests backed by zvols (ZFS volumes) generate useless noise due to virt-aa-helper trying to read the backing device in the host (/dev/zdX). Other host's devs are already denied in virt-aa-helper's profile:

  # for hostdev
  /sys/devices/ r,
  /sys/devices/** r,
  /sys/bus/usb/devices/ r,
  /sys/bus/usb/devices/** r,
  deny /dev/sd* r,
  deny /dev/dm-* r,
  deny /dev/mapper/ r,
  deny /dev/mapper/* r,

Adding "deny /dev/zd[0-9]* r," would silence Apparmor.