[pkg-apparmor] Bug#890084: libvirt: error : unable to set AppArmor profile

[Craig Small]

Package: apparmor
Version: 2.12-2

apparmor is basically stopping libvirt hosts from running.
The reporting is pretty terrible, I'm not sure what file it is trying to
find. The only thing in the logs is the audit lines.

Removing those /etc/apparmor.d/libvirt/libvirt* files fixed the problem
I suspect the zero length file is the problem.

virsh # start Webserver
error: Failed to start domain Webserver
error: internal error: Process exited prior to exec: libvirt:  error : unable to set AppArmor profile 'libvirt-fe259d01-e56e-6523-f3d0-2e8f26a843e4' for '/usr/bin/kvm': No such file or directory

$ ls -l /etc/apparmor.d/libvirt/
total 12
-rw-r--r-- 1 root root   0 Feb 10 21:08 libvirt-fe259d01-e56e-6523-f3d0-2e8f26a843e4
-rw-r--r-- 1 root root 582 Feb 11 09:30 libvirt-fe259d01-e56e-6523-f3d0-2e8f26a843e4.files
-rw-r--r-- 1 root root 342 Sep 19 04:24 TEMPLATE.lxc
-rw-r--r-- 1 root root 192 Sep 19 04:24 TEMPLATE.qemu

Kernel log:
[ 3395.875800] audit: type=1400 audit(1518301842.322:35): apparmor="DENIED" operation="change_profile" info="label not found" error=-2 profile="/usr/sbin/libvirtd" name="libvirt-fe259d01-e56e-6523-f3d0-2e8f26a843e4" pid=25196 comm="libvirtd"


-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.14.0-3-amd64 (SMP w/6 CPU cores)
Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8), LANGUAGE=en_AU.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages apparmor depends on:
ii  debconf [debconf-2.0]  1.5.65
ii  libc6                  2.26-6
ii  lsb-base               9.20170808
ii  python3                3.6.4-1

apparmor recommends no packages.

Versions of packages apparmor suggests:
pn  apparmor-profiles-extra  <none>
pn  apparmor-utils           <none>

-- debconf information excluded