Based on the last few updates I could corner the isssue just to virt-aa-helper. There is no active instance of libvirt involved which hopefully eases the debugging.
Here what I just sent to upstream: https://www.redhat.com/archives /libvir-list/2017-July/msg00627.html I was mislead by my former assumption on the lifecycle. As virt-aa-helper gets his xml passed into stdin. I captured that and found that in both cases it had the same content. Below steps to reproduce based on that: Test -Xml: <domain type='kvm' id='1'> <name>kvmguest-artful-normal-a2</name> <uuid>f4239a92-f933-4bd3-b9fb-b9c260a7dc65</uuid> <memory unit='KiB'>524288</memory> <vcpu placement='static'>1</vcpu> <os> <type arch='ppc64le' machine='pseries-zesty'>hvm</type> <boot dev='hd'/> </os> <devices> <emulator>/usr/bin/kvm</emulator> <disk type='file' device='disk'> <driver name='qemu' type='qcow2'/> <source file='/var/lib/uvtool/libvirt/images/kvmguest-artful-normal-a2.qcow'/> <backingStore/> <target dev='vda' bus='virtio'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/> </disk> </devices> <seclabel type='dynamic' model='apparmor' relabel='yes'> <label>libvirt-f4239a92-f933-4bd3-b9fb-b9c260a7dc65</label> <imagelabel>libvirt-f4239a92-f933-4bd3-b9fb-b9c260a7dc65</imagelabel> </seclabel> </domain> File: qemu-img info /var/lib/uvtool/libvirt/images/kvmguest-artful-normal-a2.qcow image: /var/lib/uvtool/libvirt/images/kvmguest-artful-normal-a2.qcow file format: qcow2 virtual size: 8.0G (8589934592 bytes) disk size: 200M cluster_size: 65536 backing file: /var/lib/uvtool/libvirt/images/x-uvt-b64-Y29tLnVidW50dS5jbG91ZC5kYWlseTpzZXJ2ZXI6MTcuMTA6cHBjNjRlbCAyMDE3MDcxNg== backing file format: qcow2 Format specific information: compat: 0.10 refcount bits: 1 To be sure I undefined the guest to not have "a different source" or information. Generate a new profile: $ /usr/lib/libvirt/virt-aa-helper --create --dryrun --uuid 'libvirt-f4239a92-f933-4bd3-b9fb-b9c260a7dc65' < test-virt-aa-helper.xml In 3.5 this is no more having the line: /var/lib/uvtool/libvirt/images/x-uvt-b64-Y29tLnVidW50dS5jbG91ZC5kYWlseTpzZXJ2ZXI6MTcuMTA6cHBjNjRlbCAyMDE3MDcxNg== -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1704782 Title: qcow base image apparmor rule missing in artful To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1704782/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
