Adding this to /etc/apparmor.d/usr.sbin.libvirtd is fine:
network packet dgram,
libvirtd is not intended to be confined an any way (except it is forced to use virt-aa-helper instead of manipulated AppArmor directly). Adding the above is pure bugfix and does not diminish the intended security stance in any way. Please feel free to commit.
Adding this to /etc/apparmor. d/usr.sbin. libvirtd is fine:
network packet dgram,
libvirtd is not intended to be confined an any way (except it is forced to use virt-aa-helper instead of manipulated AppArmor directly). Adding the above is pure bugfix and does not diminish the intended security stance in any way. Please feel free to commit.