Nemu - kvm permission denied

NEMU is Intel’s stripped down version of QEMU. I have it snapped and released. I am able to run basic QEMU commands, but when I try to run with KVM enabled I get permission denied as root or non-root:

$ sudo nemu --enable-kvm
Could not access KVM kernel module: Permission denied
qemu-system-x86_64: failed to initialize KVM: Permission denied
$ nemu --enable-kvm
Could not access KVM kernel module: Permission denied
qemu-system-x86_64: failed to initialize KVM: Permission denied

Which results in the following syslog message:

Jun 15 17:23:33 x1c6 kernel: [ 7701.653067] audit: type=1400 audit(1560644613.786:148): apparmor="DENIED" operation="open" profile="snap.nemu.nemu" name="/dev/kvm" pid=17415 comm="qemu-system-x86" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
Jun 15 17:23:30 x1c6 kernel: [ 7698.310374] audit: type=1400 audit(1560644610.446:147): apparmor="DENIED" operation="open" profile="snap.nemu.nemu" name="/dev/kvm" pid=17377 comm="qemu-system-x86" requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=0

I have the kvm plug already in my snapcraft.yaml, and I do see the plug:

$ snap connections nemu
Interface        Plug                  Slot           Notes
home             nemu:home             :home          -
kvm              nemu:kvm              -              -
network          nemu:network          :network       -
network-bind     nemu:network-bind     :network-bind  -
network-control  nemu:network-control  -              -

I am running 19.10 (Disco) with snapd version 2.38+19.04.

It looks like you need to connect the kvm plug. The - means it’s disconnected. Not all interfaces are auto-connect. You can see network and netowrk-bind are autoconnect. Try:
snap connect nemu:kvm

(You may also want to connect the network-control interface)

Thank you, that was it!

Note there is a process to request auto-connection of these interfaces that don’t auto-connect.