Hmm, again? Your Deny is for /usr/sbin/libvirtd
That means /etc/apparmor.d/usr.sbin.libvirtd is the important file. There we have now: # Since libvirt 4.0 we also need the reverse direction (LP: #1741617) unix (send, receive) type=stream addr=none peer=(label=libvirt-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*), # unconfined also required if guests run without security module unix (send, receive) type=stream addr=none peer=(label=unconfined), Checking the further matches of your rule: pid=12787 - does not matter comm="qemu-system-x86" - does not matter family="unix" - match sock_type="stream" - match protocol=0 - does not matter requested_mask="send receive" - match denied_mask="send receive" - does not matter addr=none - match peer_addr=none - does not matter peer="libvirt-e7f66951-c8cd-4d64-928f-d749540c4eff" - check below, also match (spaced for readability) DENY: libvirt-e7f66951 -c8cd -4d64 -928f -d749540c4eff RULE: libvirt-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]* As far as I see it here it should match but does not :-/ -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1751222 Title: [regression] virt-manager fails to show virtual console: internal error: unable to execute QEMU command 'getfd': No file descriptor supplied via SCM_RIGHTS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/virt-manager/+bug/1751222/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs