Package: apparmor
Version: 2.13.6-3

-- System information:
Linux debian 5.9.0-5-cloud-amd64 #1 SMP Debian 5.9.15-1 (2020-12-17) x86_64 GNU/Linux

When creating a new VM on a clean instance of debian bullseye, the following apparmor denial is printed to /var/log/kern.log:

Jan 12 11:16:08 debian kernel: [ 19.023700] audit: type=1400 audit(1610450168.832:25): apparmor="STATUS" operation="profile_load" profile="unconfined" name="libvirt-bf21a734-8f15-42ac-aa5d-83e1db193668" pid=2324 comm="apparmor_parser"
Jan 12 11:16:08 debian kernel: [ 19.150232] audit: type=1400 audit(1610450168.956:26): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="libvirt-bf21a734-8f15-42ac-aa5d-83e1db193668" pid=2332 comm="apparmor_parser"
Jan 12 11:16:09 debian kernel: [ 19.276418] audit: type=1400 audit(1610450169.084:27): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="libvirt-bf21a734-8f15-42ac-aa5d-83e1db193668" pid=2336 comm="apparmor_parser"
Jan 12 11:16:09 debian kernel: [ 19.405932] audit: type=1400 audit(1610450169.212:28): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="libvirt-bf21a734-8f15-42ac-aa5d-83e1db193668" pid=2340 comm="apparmor_parser"
Jan 12 11:16:09 debian kernel: [ 19.500732] audit: type=1400 audit(1610450169.308:29): apparmor="DENIED" operation="capable" profile="libvirtd" pid=1931 comm="rpc-worker" capability=39 capname="bpf"
Jan 12 11:16:09 debian kernel: [ 19.503459] audit: type=1400 audit(1610450169.312:30): apparmor="DENIED" operation="capable" profile="libvirtd" pid=1931 comm="rpc-worker" capability=38 capname="perfmon"

I see that capabilities PERFMON and BPF have been merged to apparmor as of version 2.13, so that's why this denial showed up now.

You can recreate it by running these commands, which will create an empty VM:

1. echo "<domain type='qemu'><name>testVm</name><os><type arch='x86_64'>hvm</type></os><memory unit='MiB'>128</memory></domain>" > /tmp/xml
2. virsh define /tmp/xml
3. virsh start testVm
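
An added example, not part of the original report: a small parser that pulls the capability denials out of kern.log text like the excerpt above and groups them by confining profile, then renders the profile rule each denial corresponds to. The function names and the SAMPLE constant are assumptions of this example; the sample lines are taken from the excerpt in this report.

```python
import re
from collections import defaultdict

# Sample input: three lines from the kern.log excerpt in this report.
SAMPLE = '''\
Jan 12 11:16:08 debian kernel: [ 19.023700] audit: type=1400 audit(1610450168.832:25): apparmor="STATUS" operation="profile_load" profile="unconfined" name="libvirt-bf21a734-8f15-42ac-aa5d-83e1db193668" pid=2324 comm="apparmor_parser"
Jan 12 11:16:09 debian kernel: [ 19.500732] audit: type=1400 audit(1610450169.308:29): apparmor="DENIED" operation="capable" profile="libvirtd" pid=1931 comm="rpc-worker" capability=39 capname="bpf"
Jan 12 11:16:09 debian kernel: [ 19.503459] audit: type=1400 audit(1610450169.312:30): apparmor="DENIED" operation="capable" profile="libvirtd" pid=1931 comm="rpc-worker" capability=38 capname="perfmon"
'''

# key=value pairs; values are either double-quoted or a bare token.
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_audit(line):
    """Return the key/value fields of an AppArmor audit line, or None."""
    if "apparmor=" not in line:
        return None
    fields = {}
    for key, quoted, bare in KV.findall(line):
        fields[key] = quoted if quoted else bare
    return fields


def denied_capabilities(text):
    """Map profile -> {capname: [comm, ...]} for DENIED capability checks."""
    found = defaultdict(lambda: defaultdict(set))
    for line in text.splitlines():
        f = parse_audit(line)
        if not f or f.get("apparmor") != "DENIED" or f.get("operation") != "capable":
            continue  # STATUS messages (profile_load/profile_replace) are not denials
        cap = f.get("capname", f.get("capability", "?"))
        found[f.get("profile", "?")][cap].add(f.get("comm", "?"))
    return {p: {c: sorted(v) for c, v in caps.items()} for p, caps in found.items()}


def candidate_rules(summary):
    """Profile rule text matching each denied capability, for review before use."""
    return {p: [f"capability {c}," for c in sorted(caps)] for p, caps in summary.items()}


if __name__ == "__main__":
    summary = denied_capabilities(SAMPLE)
    for profile, rules in candidate_rules(summary).items():
        print(profile, summary[profile], rules)
```
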