apparmor="DENIED" when I try to start my VM after a disk snapshot

Hello,

I created a disk snapshot of a VM. Now I can’t start this VM… It seems to be due to apparmor.

[Fri Feb 28 08:20:53 2025] audit: type=1400 audit(1740727256.969:813): apparmor=“STATUS” operation=“profile_replace” profile=“unconfined” name=“libvirt-12f32853-7e6b-4d66-b02b-4ba76bf37f1b” pid=3837143 comm=“apparmor_parser”
[Fri Feb 28 08:20:53 2025] audit: type=1400 audit(1740727257.069:814): apparmor=“DENIED” operation=“open” profile=“libvirt-12f32853-7e6b-4d66-b02b-4ba76bf37f1b” name=“/var/lib/one/datastores/0/113/disk.0.snap/0” pid=3837147 comm=“qemu-kvm-one” requested_mask=“r” denied_mask=“r” fsuid=9869 ouid=9869

root@R2-DellServer01:/etc/apparmor.d/libvirt# lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 12 (bookworm)
Release: 12
Codename: bookworm

root@R2-DellServer01:/etc/apparmor.d/libvirt# dpkg -s apparmor | grep ‘^Version:’
Version: 3.0.8-3

Can someone help me ?

Thanks a lot,
Benjamin

I guess this is the reason:
Feb 28 10:45:16 R2-DellServer01 libvirtd[3477]: Failed to read AppArmor profiles list ‘/sys/kernel/security/apparmor/profiles’: Permission denied

root@R2-DellServer01:~# ls -l /sys/kernel/security/apparmor/profiles
-r–r–r-- 1 root root 0 Feb 28 10:41 /sys/kernel/security/apparmor/profiles

Disabling apparmor solve the issue…

sudo systemctl disable apparmor
init 6

Then it’s OK.

But should not be the final solution I guess.