I think AppArmor needs a new rule for /usr/bin/kvm-spice.
The reason,
1) When I boot a VM, every time I get a kernel log like below, even if I set the VM's Video model to Cirrus.
Oct 13 22:45:08 HOSTNAME kernel: [507466.445098] type=1400 audit(1350135908.372:69): apparmor="DENIED" operation="open" parent=1 profile="libvirt-52d08545-a490-c890-654a-260caf35d27d" name="/proc/17685/auxv" pid=17685 comm="kvm-spice" requested_mask="r" denied_mask="r" fsuid=104 ouid=104
2) I change the VM's setting "<emulator>/usr/bin/kvm-spice</emulator>" to /usr/bin/kvm with "virsh edit VMNAME", and I get BIOS boot menu correctly while the VM is booting. And there is no "DENIED" in kernel log anymore.
I'm not familiar with AppArmor so I have no idea how to set AppArmor properly.
I think AppArmor needs a new rule for /usr/bin/kvm-spice.
The reason,
1) When I boot a VM, every time I get a kernel log like below, even if I set the VM's Video model to Cirrus. 8.372:69) : apparmor="DENIED" operation="open" parent=1 profile= "libvirt- 52d08545- a490-c890- 654a-260caf35d2 7d" name="/ proc/17685/ auxv" pid=17685 comm="kvm-spice" requested_mask="r" denied_mask="r" fsuid=104 ouid=104
Oct 13 22:45:08 HOSTNAME kernel: [507466.445098] type=1400 audit(135013590
2) I change the VM's setting "<emulator> /usr/bin/ kvm-spice< /emulator> " to /usr/bin/kvm with "virsh edit VMNAME", and I get BIOS boot menu correctly while the VM is booting. And there is no "DENIED" in kernel log anymore.
I'm not familiar with AppArmor so I have no idea how to set AppArmor properly.