Comment 4 for bug 1680384

The shutdown and vfio changes are actually already good, but the ppc kvm wrapper needs more.
Not only rearrange as outlined above, but also ppc64_cpu accesses more down the road, so we need to add this and check for more:

[20760.368049] audit: type=1400 audit(1491488425.671:93): apparmor="DENIED" operation="open" profile="libvirt-88b15add-b290-431d-9e49-fa771588f2f5" name="/sys/devices/system/cpu/subcores_per_core" pid=50462 comm="ppc64_cpu" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0
[20760.369318] audit: type=1400 audit(1491488425.675:94): apparmor="DENIED" operation="open" profile="libvirt-88b15add-b290-431d-9e49-fa771588f2f5" name="/sys/devices/system/cpu/cpu0/online" pid=50462 comm="ppc64_cpu" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0