Comment # 6 on bug 1051017 from 
(In reply to Holger Sickenberg from comment #5)
> Interesting detail: the <seclabel type="none" model="apparmor"/> is part of
> the dump but not in the /etc/libvirt/qemu/sles12sp3.xml - so it seem to come
> from some global config?!

If apparmor is enabled, the apparmor security driver is loaded at libvirtd
startup. When a domain is started, the <seclabel> is added to the active domain
XML. When domain is shutdown, its active XML is discarded and you're only left
with the persistent XML (/etc/libvirt/<hypervisor>/<dom-name>.xml), assuming
the domain is persistent. Transient domains only have active XML.

You must have saved the domain on a machine where apparmor was enabled. The
active XML is saved in the state file, and that active XML is now failing to
restore on a machine where apparmor is disabled. This bug is definitely a
duplicate of bug#1049505, but that's a non-public SLES bug.

libvirt can help your predicament though. You can use 'virsh save-image-edit
/path/to/state/file' to remove the <seclabel> element, and subsequently restore
your machine.

You are receiving this mail because: