denial for creating /run/user/32011/scopes/leaf-net/

I feel like this bug is known and I thought there was a bug for this, but I can't seem to find it now so filing a new one....

Most scopes are seeing:
apparmor="DENIED" operation="mkdir" profile="com.ubuntu.scopes.youtube_youtube_1.0.13" name="/run/user/32011/scopes/leaf-net/" pid=NNN comm="scoperunner" requested_mask="c" denied_mask="c" fsuid=32011 ouid=32011

Scopes aren't allowed to create /run/user/32011/scopes/leaf-net/ (they are allowed to create their own scopes directory under it). This was mentioned in https://bugs.launchpad.net/unity-scopes-api/+bug/1356409/comments/3 and it was mentioned that this branch may fix it: https://code.launchpad.net/~michihenning/unity-scopes-api/test-before-mkdir/+merge/231110. However, the problem seems to be that nothing is creating that directory at all before the scopes try to create it for themselves. Pete said in the above comment "I think the runtime should probably not be trying to create this while inside confinement, as it will always fail." -- that is precisely the problem. Something unconfined outside of the scopes themselves needs to create it.

Marking rtm14 and Critical-- it is causing a lot of noise in the logs and presumably scopes aren't able to function correctly. Please adjust as needed.