Comment 6 for bug 1871354

Useful reference: /sys/devices/platform/{e820_pmem,nfit_test.*}/region*/persistence_domain r,
But for a fix I'd need to get access to a system with the real thing or detailed info about one.

Until then people that want to use it should allow it for "their setup" by adding to:
  /etc/apparmor.d/local/abstractions/libvirt-qemu

/sys/bus/nd/devices r,
/sys/bus/nd/devices/* r,
/sys/devices/platform/{e820_pmem,nfit_test.*}/ndbus[0-9]*/region[0-9]* r,
/sys/devices/platform/{e820_pmem,nfit_test.*}/ndbus[0-9]*/region[0-9]*/persistence_domain r,

This list might increase once we know a few real setups content in these paths.
Once we know that we can discuss if it is safe to allow that unconditionally or not.

P.S. We still would want to silence the denial until allowed.