feat(profile): general update.

apparmor.d/groups/virt/libvirtd

@@ -70,10 +70,10 @@ profile libvirtd @{exec_path} flags=(attach_disconnected) {
   ptrace (read,trace) peer=unconfined,
   ptrace (read,trace) peer=@{profile_name},
   ptrace (read,trace) peer=dnsmasq,
-  ptrace (read,trace) peer=libvirt-*,
+  ptrace (read,trace) peer=libvirt-@{uuid},
   ptrace (read,trace) peer=virt-manager,
 
-  signal (read,send) peer=libvirt-*,
+  signal (read,send) peer=libvirt-@{uuid},
   signal (read,send) peer=unconfined,
   signal (send) peer=dnsmasq,
   signal (send) set=(kill, term) peer=virtiofsd,
@@ -246,16 +246,17 @@ profile libvirtd @{exec_path} flags=(attach_disconnected) {
   owner @{PROC}/@{pid}/mounts r,
   owner @{PROC}/@{pid}/task/@{tid}/comm rw,
 
+  /dev/cpu/@{int}/msr r,
   /dev/dri/ r,
   /dev/hugepages/{,**} w,
   /dev/kvm rw,
   /dev/mapper/ r,
   /dev/mapper/control rw,
   /dev/net/tun rw,
+  /dev/ptmx rw,
   /dev/shm/libvirt/{,**} rw,
   /dev/vfio/@{int} rwk,
   /dev/vhost-net rw,
-  /dev/ptmx rw,
 
   # Force the use of virt-aa-helper
   audit deny @{bin}/apparmor_parser rwxl,

apparmor.d/groups/virt/virtiofsd

@@ -6,7 +6,7 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{exec_path} = @{lib}/qemu/virtiofsd @{bin}/virtiofsd
+@{exec_path} = @{lib}/{,qemu/}virtiofsd @{bin}/virtiofsd
 profile virtiofsd @{exec_path} {
   include <abstractions/base>