libvirt already has the ability to inject AppArmor rules into the profile that it generates for a domain when you set/modify the path to a disk image. You can test this manually by running `virsh edit DOMAIN`, adjusting one of the paths in the xml, and then looking at the corresponding change in /etc/apparmor.d/libvirt/libvirt-*.files.
I'm confused about why this isn't working for you. Maybe you're going through libvirt to set/update the paths to your images?
Can you post a sample XML file and the AppArmor denials that you're seeing when using the XML file?
libvirt already has the ability to inject AppArmor rules into the profile that it generates for a domain when you set/modify the path to a disk image. You can test this manually by running `virsh edit DOMAIN`, adjusting one of the paths in the xml, and then looking at the corresponding change in /etc/apparmor. d/libvirt/ libvirt- *.files.
I'm confused about why this isn't working for you. Maybe you're going through libvirt to set/update the paths to your images?
Can you post a sample XML file and the AppArmor denials that you're seeing when using the XML file?