Comment 2 for bug 1786159

This is sort of safe because:
- while /tmp could contain anything it is not recommended to put critical data there anyway
- while it would be hard to predict the PID as part of the string (this is not exposed through https://libvirt.org/formatdomain.html) so that virt-aa-helper could generate it it is guarded by the "owner" statement

In fact there already is an abstraction meant for this apparmor.d/abstractions/user-tmp
  # per-user tmp directories
  owner @{HOME}/tmp/** rwkl,
  owner @{HOME}/tmp/ rw,

  # global tmp directories
  owner /var/tmp/** rwkl,
  /var/tmp/ rw,
  owner /tmp/** rwkl,
  /tmp/ rw,

This should be perfectly fine to be added I'd think.