Comment 8 for bug 1804766

@ubuntu-security:
would you mind checking and letting me know your opinion on adding the following to /etc/apparmor/abstractions/libvirt-qemu
Note: I have not seen a way to detect in virt-aa-helper if gl is enabled to do it dynamically:

# For opengl based display options (LP: #1804766)
/dev/dri/ r,
/dev/dri/* r,

Furthermore I'd want to make the user we run qemu with be part of the video group (if available).
Like this in the postinst after creating the user:
  $ sudo usermod -a -G video libvirt-qemu

Please let me know if you'd consider that ok - needed for sharing vGPUs of cards as MDEV to the guest. Also down the road required for accelerated virtio-vga once we would support virglrender.