On 11/09/2017 09:24 AM, Cédric Bosdonnat wrote: > The rule 'network netlink raw' fixes these denials on libvirtd start: > > apparmor="DENIED" operation="create" profile="/usr/sbin/libvirtd" pid=12969 > comm="libvirtd" family="netlink" sock_type="raw" protocol=0 > requested_mask="create" denied_mask="create" > --- > examples/apparmor/usr.sbin.libvirtd | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/examples/apparmor/usr.sbin.libvirtd b/examples/apparmor/usr.sbin.libvirtd > index 819068ffc..8ac5233cc 100644 > --- a/examples/apparmor/usr.sbin.libvirtd > +++ b/examples/apparmor/usr.sbin.libvirtd > @@ -36,6 +36,7 @@ > network inet6 dgram, > network packet dgram, > network packet raw, > + network netlink raw, This is already included in intrigeri's patchset to fix other apparmor rules https://www.redhat.com/archives/libvir-list/2017-November/msg00161.html