root@dev-ramen7:~# systemctl status libvirtd.service; ● libvirt-bin.service - Virtualization daemon Loaded: loaded (/lib/systemd/system/libvirt-bin.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2017-01-24 06:23:16 PST; 3min 47s ago Docs: man:libvirtd(8) http://libvirt.org Main PID: 11066 (libvirtd) Tasks: 16 Memory: 16.5M CPU: 1.054s CGroup: /system.slice/libvirt-bin.service └─11066 /usr/sbin/libvirtd Jan 24 06:23:16 dev-ramen7 systemd[1]: Starting Virtualization daemon... Jan 24 06:23:16 dev-ramen7 systemd[1]: Started Virtualization daemon. Jan 24 06:25:05 dev-ramen7 libvirtd[11066]: libvirt version: 1.3.1, package: 1ubuntu10.6 (Christian Ehrhardt Tue, 22 Nov 2 Jan 24 06:25:05 dev-ramen7 libvirtd[11066]: hostname: ramen7.dev.saucelabs.net Jan 24 06:25:05 dev-ramen7 libvirtd[11066]: End of file while reading data: Input/output error Jan 24 06:26:07 dev-ramen7 libvirtd[11066]: internal error: Child process (LIBVIRT_LOG_OUTPUTS=3:stderr /usr/lib/libvirt/virt-aa-helper -p 0 -c -u libvirt-94 2017-01-24 14:26:07.978+0000: 11457: info : hostname: ramen7.dev.saucelabs.net 2017-01-24 14:26:07.978+0000: 11457: error : virPCIDeviceNew:1586 : internal error: dev->name buffer overflow: 72 virt-aa-helper: error: /var/local/mount/oshi103044/mnt virt-aa-helper: error: could not find realpath for disk virt-aa-helper: error: invalid VM definition Jan 24 06:26:07 dev-ramen7 libvirtd[11066]: internal error: cannot load AppArmor profile 'libvirt-944d4e1f-f9f8-42db-96b6-5af85000dac1' /var/log/syslog Jan 24 06:26:07 ramen7 libvirtd[11066]: internal error: cannot load AppArmor profile 'libvirt-944d4e1f-f9f8-42db-96b6-5af85000dac1' Jan 24 06:26:07 ramen7 xenial_noded.sh[11087]: dhcp host: {'ip': '10.89.1libvirt: Security Driver error : internal error: cannot load AppArmor profile 'libvirt-944d4e1f-f9f8-42db-96b6-5af85000dac1' root@dev-ramen7:~# cat /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper # Last Modified: Mon Jul 06 17:22:37 2009 #include /usr/lib/libvirt/virt-aa-helper { #include #include # Avoid name resolution issues (LP: #1546674) #include # needed for searching directories capability dac_override, capability dac_read_search, # needed for when disk is on a network filesystem network inet, network inet6, deny @{PROC}/[0-9]*/mounts r, @{PROC}/[0-9]*/net/psched r, owner @{PROC}/[0-9]*/status r, @{PROC}/filesystems r, # for hostdev /sys/devices/ r, /sys/devices/** r, /sys/bus/usb/devices/ r, /sys/bus/usb/devices/** r, deny /dev/sd* r, deny /dev/dm-* r, deny /dev/mapper/ r, deny /dev/mapper/* r, /usr/lib/libvirt/virt-aa-helper mr, /sbin/apparmor_parser Ux, # for openvswitch /{,var/}run/** rw, /etc/apparmor.d/libvirt/* r, /etc/apparmor.d/libvirt/libvirt-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]* rw, # For backingstore, virt-aa-helper needs to peek inside the disk image, so # allow access to non-hidden files in @{HOME} as well as storage pools, and # removable media and filesystems, and certain file extentions. A # virt-aa-helper failure when checking a disk for backinsgstore is non-fatal # (but obviously the backingstore won't be added). audit deny @{HOME}/.* mrwkl, audit deny @{HOME}/.*/ rw, audit deny @{HOME}/.*/** mrwkl, @{HOME}/ r, @{HOME}/** r, @{HOME}/.Private/** mrwlk, @{HOMEDIRS}/.ecryptfs/*/.Private/** mrwlk, /var/lib/libvirt/images/ r, /var/lib/libvirt/images/** r, /var/lib/nova/images/** r, /var/lib/nova/instances/_base/** r, /var/lib/nova/instances/snapshots/** r, /var/lib/eucalyptus/instances/**/disk* r, /var/lib/eucalyptus/instances/**/loader* r, /var/lib/uvtool/libvirt/images/** r, /var/local/mount/** r, /mnt/album/**/* r, /{media,mnt,opt,srv}/** r, /**.img r, /**.qcow{,2} r, /**.qed r, /**.vmdk r, /**.[iI][sS][oO] r, /**/disk{,.*} r, }