Did some additional research, and managed to re-load the existing
profiles by executing:

root:/etc/apparmor.d/libvirt# for i in $(ls | grep -v "\.files" | grep libvirt-); do apparmor_parser -a $i; done

# apparmor_status 
apparmor module is loaded.
40 profiles are loaded.
40 profiles are in enforce mode.
[...]
   libvirt-22119fd7-e5c4-20c8-7efe-e0fbb086e218
   libvirt-27ddd6d3-01ec-85dd-3f3b-0f58cbff18fe
   libvirt-2d1c701b-d5ed-8524-4ef6-fbd12419d75e
   libvirt-51ef85f6-ce69-4788-9293-2af1860d45d0
   libvirt-564dbb14-b9f2-4083-2b85-cd44e90ee5c6
   libvirt-909b523f-78a6-01c2-8179-daebf72b9e1f
   libvirt-92d90b8b-b336-b73f-fb22-72a48d475445
   libvirt-de951d50-6787-ec6a-754c-c5b39a2d7cd9
   libvirt-ec24421d-1911-4b1b-09a8-0ece48901cb8
[...]

However, attempting to apply these to an existing pid (according to wiki
@ https://help.ubuntu.com/community/AppArmor) gives:

root:/proc/23859/attr# cat current 
unconfined
root:/proc/23859/attr# echo 'setprofile libvirt-27ddd6d3-01ec-85dd-3f3b-0f58cbff18fe' > current
-bash: echo: write error: Permission denied

New machines shut down and relaunched after doing the "service apparmor
restart" get correctly confined:

# apparmor_status
[...]
3 processes have profiles defined.
3 processes are in enforce mode :
   /usr/sbin/libvirtd (1928) 
   /usr/sbin/named (5018) 
   libvirt-2d1c701b-d5ed-8524-4ef6-fbd12419d75e (11214) 
[...]
# service apparmor restart
[...]
2 processes are in enforce mode :
   /usr/sbin/libvirtd (1928) 
   /usr/sbin/named (5018) 
[...]

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/702774

Title:
  Update of AppArmor disables libvirtd dynamic profiles
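
A check for the state shown in this report, as an added example that is not part of the original bug comment or of libvirt or AppArmor: it walks a /proc tree, finds guests by the `-uuid` argument on their command line, and flags any whose `attr/current` label is not `libvirt-<UUID>`. The function names are hypothetical, the `-uuid` argument is assumed to be present on each guest's command line, and the fixture is constructed from the PIDs and profile names quoted above.

```shell
#!/bin/sh
# Assumption: each guest's command line carries "-uuid <UUID>" and its
# per-VM profile is named libvirt-<UUID>, as in the listing above.

# guest_uuid PROC PID: print the argument that follows -uuid, if any.
guest_uuid() {
    tr '\0' '\n' < "$1/$2/cmdline" |
        awk 'prev == "-uuid" { print; exit } { prev = $0 }'
}

# check_guests [PROC]: print "STATE PID UUID LABEL" for every guest.
# Returns 1 if any guest is not confined by its own per-VM profile.
check_guests() {
    proc=${1:-/proc}
    rc=0
    for dir in "$proc"/[0-9]*; do
        [ -r "$dir/cmdline" ] || continue
        pid=${dir##*/}
        uuid=$(guest_uuid "$proc" "$pid")
        [ -n "$uuid" ] || continue          # not a guest process
        # attr/current reads "unconfined" or "<profile> (<mode>)"
        label=$(cat "$dir/attr/current" 2>/dev/null)
        profile=${label%" ("*}
        if [ "$profile" = "libvirt-$uuid" ]; then
            echo "OK $pid $uuid $label"
        else
            echo "MISMATCH $pid $uuid ${label:-unreadable}"
            rc=1
        fi
    done
    return $rc
}

# make_fixture DIR: constructed /proc-like tree (not real data) with one
# guest left unconfined, one confined guest and one non-guest process.
make_fixture() {
    u1=27ddd6d3-01ec-85dd-3f3b-0f58cbff18fe
    u2=2d1c701b-d5ed-8524-4ef6-fbd12419d75e
    mkdir -p "$1/23859/attr" "$1/11214/attr" "$1/1928/attr"
    printf 'kvm\0-uuid\0%s\0' "$u1" > "$1/23859/cmdline"
    printf 'kvm\0-uuid\0%s\0' "$u2" > "$1/11214/cmdline"
    printf 'libvirtd\0' > "$1/1928/cmdline"
    echo unconfined > "$1/23859/attr/current"
    echo "libvirt-$u2 (enforce)" > "$1/11214/attr/current"
    echo "/usr/sbin/libvirtd (enforce)" > "$1/1928/attr/current"
}
# Live use, as root: check_guests /proc
```

A non-zero return from `check_guests` after an AppArmor package update or service restart indicates guests that are running without their per-VM profile.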
