Comment 22 for bug 1815910

Thanks Jamie for providing an approach that is a compromise between upstreams needs and Ubuntu as a downstream - as well as at the same time being a tradeoff between comfort and security.

I'll implement this as a downstream change in 19.10:
- add the comment to the config (thanks for writing it up)
- change the code to allow it in any case

But for older releases I'd decide that we don't want to change this through an SRU.
There the solution for users who depend on it to add
 /dev/vhost-net rw,
to
If existing (>= 18.10)
  /etc/apparmor.d/local/abstractions/libvirt-qemu
or otherwise to
  /etc/apparmor.d/abstractions/libvirt-qemu