Enforcing AppArmor breaks LXD virt_type

When AppArmor is enforce, nova-lxd can't even start. This is because various cpu properties are not readable:

[76920.211338] audit: type=1400 audit(1490366094.192:56): apparmor="DENIED" operation="open" profile="/usr/bin/nova-compute" name="/sys/devices/system/cpu/cpu0/topology/thread_siblings" pid=405569 comm="lscpu" requested_mask="r" denied_mask="r" fsuid=113 ouid=0
[76979.971671] audit: type=1400 audit(1490366153.952:57): apparmor="DENIED" operation="open" profile="/usr/bin/nova-compute" name="/sys/devices/system/cpu/cpu0/topology/thread_siblings" pid=405740 comm="lscpu" requested_mask="r" denied_mask="r" fsuid=113 ouid=0
[77027.842095] audit: type=1400 audit(1490366201.827:59): apparmor="DENIED" operation="open" profile="/usr/bin/nova-compute" name="/sys/devices/system/cpu/cpu0/topology/thread_siblings" pid=408803 comm="lscpu" requested_mask="r" denied_mask="r" fsuid=113 ouid=0
[77195.285248] audit: type=1400 audit(1490366369.265:604): apparmor="DENIED" operation="open" profile="/usr/bin/nova-compute" name="/sys/devices/system/cpu/cpu0/topology/thread_siblings" pid=411560 comm="lscpu" requested_mask="r" denied_mask="r" fsuid=113 ouid=0
[77257.294846] audit: type=1400 audit(1490366431.273:606): apparmor="DENIED" operation="open" profile="/usr/bin/nova-compute" name="/sys/devices/system/cpu/cpu0/cache/index2/type" pid=417631 comm="lscpu" requested_mask="r" denied_mask="r" fsuid=113 ouid=0
[77272.523721] audit: type=1400 audit(1490366446.502:607): apparmor="DENIED" operation="open" profile="/usr/bin/nova-compute" name="/sys/devices/system/cpu/cpu0/cache/index2/type" pid=417728 comm="lscpu" requested_mask="r" denied_mask="r" fsuid=113 ouid=0
[77320.196691] audit: type=1400 audit(1490366494.173:609): apparmor="DENIED" operation="open" profile="/usr/bin/nova-compute" name="/sys/devices/system/cpu/cpufreq/policy0/cpuinfo_max_freq" pid=420761 comm="lscpu" requested_mask="r" denied_mask="r" fsuid=113 ouid=0
[77379.980314] audit: type=1400 audit(1490366553.957:610): apparmor="DENIED" operation="open" profile="/usr/bin/nova-compute" name="/sys/devices/system/cpu/cpufreq/policy0/cpuinfo_max_freq" pid=421164 comm="lscpu" requested_mask="r" denied_mask="r" fsuid=113 ouid=0
[77441.004521] audit: type=1400 audit(1490366614.981:611): apparmor="DENIED" operation="open" profile="/usr/bin/nova-compute" name="/sys/devices/system/cpu/cpufreq/policy0/cpuinfo_max_freq" pid=422502 comm="lscpu" requested_mask="r" denied_mask="r" fsuid=113 ouid=0