I can't make head or tail of this. `aa-complain` still enforces deny rules, there is no (discoverable) way to log deny rules, and `grep -r deny /etc/apparmor.d | grep virt | grep -v /sys | grep -v /dev` doesn't show anything which would apply to `/var/lib/libvirt/`. `aa-disable /etc/apparmor.d/libvirt/libvirt-a5aa3a67-6967-43a5-9d61-b0b380bd14e6` also doesn't work because it references a non-existing `libvirt/libvirt-a5aa3a67-6967-43a5-9d61-b0b380bd14e6.files`.

The only thing that works is

```
aa-disable libvirtd
systemctl restart libvirtd
```

(That requires apparmor-utils.) After that, the snapshot-delete command works. I don't know what else I could try here to debug this properly, so a hint from someone AppArmor-savvy would be much appreciated.