/run -> @{run}, [0-9]* -> @{uid}.

apparmor.d/abstractions/libvirt-qemu

@@ -43,9 +43,9 @@
   /sys/bus/usb/devices/ r,
   /sys/devices/**/usb[0-9]*/** r,
   # libusb needs udev data about usb devices (~equal to content of lsusb -v)
-  /run/udev/data/+usb* r,
-  /run/udev/data/c16[6,7]* r,
-  /run/udev/data/c18[0,8,9]* r,
+  @{run}/udev/data/+usb* r,
+  @{run}/udev/data/c16[6,7]* r,
+  @{run}/udev/data/c18[0,8,9]* r,
 
   # WARNING: this gives the guest direct access to host hardware and specific
   # portions of shared memory. This is required for sound using ALSA with kvm,
@@ -233,7 +233,7 @@
 
   # silence refusals to open lttng files (see LP: #1432644)
   deny /dev/shm/lttng-ust-wait-* r,
-  deny /run/shm/lttng-ust-wait-* r,
+  deny @{run}/shm/lttng-ust-wait-* r,
 
   # for vfio hotplug on systems without static vfio (LP: #1775777)
   /dev/vfio/vfio rw,

apparmor.d/abstractions/lightdm

@@ -82,7 +82,7 @@
   /{,var/}run/shm/** wl,
   /{,var/}run/uuidd/request w,
   # libpam-xdg-support/logind
-  owner /{,var/}run/user/*/** rw,
+  owner /{,var/}run/user/@{uid}/** rw,
 
   capability ipc_lock,
 

apparmor.d/abstractions/totem

@@ -46,9 +46,9 @@
 
   owner @{PROC}/@{pid}/{mountinfo,status} r,
 
-  /run/udev/data/c* r,
-  /run/udev/data/+drm:card* r,
-  /run/udev/data/+usb* r,
+  @{run}/udev/data/c* r,
+  @{run}/udev/data/+drm:card* r,
+  @{run}/udev/data/+usb* r,
 
   /sys/devices/system/node/*/meminfo r,