Comment 25 for bug 1815910

I checked vsock devices, those are fully mediated by libvirt and only an already open FD is passed when using those.
Without apparmor allowing a new open to qemu I have:

sudo lsof -p 9445 +fg | grep vhost
qemu-syst 9445 libvirt-qemu 19u CHR RW,LG 10,241 0t0 503 /dev/vhost-vsock

For:
    <vsock model='virtio'>
      <cid auto='yes'/>
    </vsock>

So vsock is good as-is