Comment 7 for bug 1696471

Sorry for the delay, I finally found some time to get back to this. This is still reproducible on current Ubuntu 17.10:

virsh define m.xml
qemu-img create -f qcow2 /var/lib/libvirt/images/subVmTest1-2.img 128M
virsh start subVmTest1

dmesg shows:

[ 319.220193] audit: type=1400 audit(1520004938.754:40): apparmor="DENIED" operation="open" profile="libvirt-269b6725-e6fb-4242-a83a-3ad286dd5efb" name="/etc/gss/mech.d/" pid=5930 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0

m.xml is attached. It's lightly edited to remove some external file and device references, to be more or less self-contained (except for the image created above; but that can be empty - it doesn't matter what's actually running in the VM).