Comment 9 for bug 1633207

While debugging I found the first level of oddities that I'll continue on and hopefully gives us a solution (or at least eliminate one roadblock).

I think I found that things work with the error described in the bug on Xenial->Yakkety upgraded systems. But on all others I see:
error: unsupported configuration: Unable to find security driver for model apparmor

That would explain the reproducibility fuzz a bit.

After realizing that I checked logs:
 internal error: template '/etc/apparmor.d/libvirt/TEMPLATE.qemu' does not exist
 internal error: template '/etc/apparmor.d/libvirt/TEMPLATE.qemu' does not exist
 unsupported configuration: Security driver apparmor not enabled
 internal error: template '/etc/apparmor.d/libvirt/TEMPLATE.qemu' does not exist

Now checking for those files is even more strange.

$ dpkg -S /etc/apparmor.d/libvirt/TEMPLATE.qemu
libvirt-daemon-system: /etc/apparmor.d/libvirt/TEMPLATE.qemu
sudo apt-get install --reinstall libvirt-daemon-system
ll /etc/apparmor.d/libvirt/TEMPLATE.qemu
ls: cannot access '/etc/apparmor.d/libvirt/TEMPLATE.qemu': No such file or directory

I guess we have those things here:
1. no proper handling of conffile changes due to the switch to the upstream provided apparmor profiles
2. on upgraded systems old&new somehow conflict
3. on new Yakkety apparmor seclabel doesn't work at all

Going on with debugging tomorrow.