But in the long run we can't rely on either libvirt.conf nor anything else - as there are many places that can define the connection URL. Like ENV overrides and such, there might even be multiple libvirts running, so we can't just trial&error through the usual paths.
But for now on these experiments I'll allow that access.
Indeed the read to /etc/libvirt/ libvirt. conf is from the call to virDomainDiskTr anslateSourcePo ol as I have assumed above.
[ 628.266012] audit: type=1400 audit(159048755 5.258:74) : apparmor="DENIED" operation="open" profile= "virt-aa- helper" name="/ etc/libvirt/ libvirt. conf" pid=3683 comm="virt- aa-helper" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
But in the long run we can't rely on either libvirt.conf nor anything else - as there are many places that can define the connection URL. Like ENV overrides and such, there might even be multiple libvirts running, so we can't just trial&error through the usual paths.
But for now on these experiments I'll allow that access.