One workaround is to do aa-complain /etc/apparmor.d/libvirt/libvirt-<UUID>
You may need to touch /etc/apparmor.d/libvirt/libvirt-<UUID>.files because the .files may not be present, it is created and removed dynamically by libvirt Another workaround is to (accidentally) break the apparmor profile so it can't be correctly parsed. I believe that in this case, libvirt launches the VM anyway, but with no apparmor profile ... this is a bit sneaky. So if you want to investigate apparmor, you have to see the libirt-<UUID> profile in aa-status. It defaults to enforce. If it's not there, fix the problem. With aa-enforce on, vm launch fails but there is no logging anywhere I can find of a DENIED message. So as an absolute apparmor beginner, I have no clues. The best I can do is with strace on the libvirtd process root@elecgear:/home/tim# strace -f -p 4818 2>&1 | grep memfd [pid 11307] memfd_create("test", MFD_CLOEXEC|MFD_ALLOW_SEALING) = 3 [pid 11307] memfd_create("test", MFD_CLOEXEC|MFD_HUGETLB) = 3 [pid 11307] memfd_create("memory-backend-memfd", MFD_CLOEXEC|MFD_ALLOW_SEALING|MFD_HUGETLB|21<<MFD_HUGE_SHIFT) = 20 [pid 11307] write(2, "failed to resize memfd to 214748"..., 55) = 55 ** Summary changed: - hugepages causes permissions error [invalid, page pool too small] + hugepages causes permissions error [apparmor profile] -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2073214 Title: hugepages causes permissions error [apparmor profile] To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/2073214/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs