Comment 3 for bug 1608446

Georgy Dyuldin (g-dyuldin) wrote :

Found the reason and a workaround (WA).

root@node-1:~# cat /var/log/libvirt/qemu/instance-00000016.log
2016-08-02 08:07:36.000+0000: starting up
LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/sbin:/sbin:/bin QEMU_AUDIO_DRV=none /usr/bin/kvm -name instance-00000016 -S -machine pc-i440fx-vivid,accel=kvm,usb=off -m 512 -realtime mlock=off -smp 1,sockets=1,cores=1,threads=1 -uuid 82c4bd46-8658-4670-a804-9d95b3d3963d -smbios type=1,manufacturer=OpenStack Foundation,product=OpenStack Nova,version=13.0.0,serial=2b6c635d-89f4-4bbd-90fb-cefa85225b75,uuid=82c4bd46-8658-4670-a804-9d95b3d3963d,family=Virtual Machine -no-user-config -nodefaults -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/instance-00000016.monitor,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc,driftfix=slew -global kvm-pit.lost_tick_policy=discard -no-hpet -no-shutdown -boot strict=on -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -drive file=/var/lib/nova/instances/82c4bd46-8658-4670-a804-9d95b3d3963d/disk,if=none,id=drive-virtio-disk0,format=qcow2,cache=directsync -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1 -drive file=/var/lib/nova/instances/82c4bd46-8658-4670-a804-9d95b3d3963d/disk.config,if=none,id=drive-virtio-disk25,format=raw,cache=directsync -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x5,drive=drive-virtio-disk25,id=virtio-disk25 -netdev tap,fd=25,id=hostnet0,vhost=on,vhostfd=26 -device virtio-net-pci,netdev=hostnet0,id=net0,mac=fa:16:3e:80:2b:7c,bus=pci.0,addr=0x3 -chardev file,id=charserial0,path=/var/lib/nova/instances/82c4bd46-8658-4670-a804-9d95b3d3963d/console.log -device isa-serial,chardev=charserial0,id=serial0 -chardev pty,id=charserial1 -device isa-serial,chardev=charserial1,id=serial1 -device usb-tablet,id=input0 -vnc 0.0.0.0:0 -k en-us -device cirrus-vga,id=video0,bus=pci.0,addr=0x2 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x6 -msg timestamp=on
Domain id=2 is tainted: high-privileges
libvirt: error : unable to set AppArmor profile 'libvirt-82c4bd46-8658-4670-a804-9d95b3d3963d' for '/usr/bin/kvm': No such file or directory
2016-08-02 08:07:36.004+0000: shutting down

Look at /etc/apparmor.d/libvirt/

root@node-1:~# ls -l /etc/apparmor.d/libvirt/
total 36
-rw-r--r-- 1 root root 0 Aug 2 08:06 libvirt-82c4bd46-8658-4670-a804-9d95b3d3963d
-rw-r--r-- 1 root root 931 Aug 2 08:07 libvirt-82c4bd46-8658-4670-a804-9d95b3d3963d.files
-rw-r--r-- 1 root root 266 Aug 2 08:47 libvirt-83159cad-2bc3-4130-980b-f782d1afd92b
-rw-r--r-- 1 root root 952 Aug 2 08:47 libvirt-83159cad-2bc3-4130-980b-f782d1afd92b.files
-rw-r--r-- 1 root root 265 Aug 1 23:20 libvirt-c3c5c167-215c-45c6-be6b-10389c3fb06b
-rw-r--r-- 1 root root 931 Aug 1 23:21 libvirt-c3c5c167-215c-45c6-be6b-10389c3fb06b.files
-rw-r--r-- 1 root root 265 Aug 1 23:24 libvirt-f907d277-b401-4f22-9a7d-0b211c66bdde
-rw-r--r-- 1 root root 952 Aug 1 23:24 libvirt-f907d277-b401-4f22-9a7d-0b211c66bdde.files
-rw-r--r-- 1 root root 314 Jun 3 18:02 TEMPLATE.lxc
-rw-r--r-- 1 root root 164 Jun 3 18:02 TEMPLATE.qemu

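The file /etc/apparmor.d/libvirt/libvirt-82c4bd46-8658-4670-a804-9d95b3d3963d has zero size, so it contains no profile definition for this domain; that is consistent with the "unable to set AppArmor profile" error in the QEMU log above.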

Another profile file in the same directory has the following content:

root@node-1:~# cat /etc/apparmor.d/libvirt/libvirt-83159cad-2bc3-4130-980b-f782d1afd92b
#
# This profile is for the domain whose UUID matches this file.
#

#include <tunables/global>

profile libvirt-83159cad-2bc3-4130-980b-f782d1afd92b {
  #include <abstractions/libvirt-qemu>
  #include <libvirt/libvirt-83159cad-2bc3-4130-980b-f782d1afd92b.files>

}

After copying this content to /etc/apparmor.d/libvirt/libvirt-82c4bd46-8658-4670-a804-9d95b3d3963d and replacing the UUID (in both the profile name and the .files include), virsh can start this instance.