Comment 5 for bug 1610368

Hi,
getting to my attention now due to the drop of upstream qemu.
This is actually a dup of bug 1552241

TL;DR:
- yes it is an issue
- the /run/udev/data/* blanket is considered "too open"
- a correct fix needs some serious development in virt-aa-helper
- until this is done upstream users who want to opt-in need to opt-in (to get functionality but also unsafety) by making the profile less restrictive in /etc/apparmor.d/abstractions/libvirt-qemu