Comment 31 for bug 1847361

Christian Ehrhardt  (paelzer) wrote :

Now I hit an issue that I expected:

DEBUG: trying to load module: /var/run/qemu/Debian_1_4.2-3ubuntu2~ppa4/block-curl.so
Failed to open module: /var/run/qemu/Debian_1_4.2-3ubuntu2~ppa4/block-curl.so: cannot open shared object file: Permission denied

Which is due to AppArmor:
[302376.960953] audit: type=1400 audit(1583238035.059:439): apparmor="DENIED" operation="open" namespace="root//lxd-f_<var-snap-lxd-common-lxd>" profile="libvirt-2bef989e-6d28-45c8-b101-3959de1db2b3" name="/run/qemu/Debian_1_4.2-3ubuntu2~ppa4/block-curl.so" pid=6958 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0

I'm on the brink of letting that be blocked by default and people would
=> less comfortable, but effectively making the change not even a bit less secure until bigger deployments who care opt in (also this can be decided later on).
Adding a libvirt task for it ...
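An added example (not part of the original comment or of libvirt/QEMU): a small Python triage helper that ties the QEMU module-load failure to the AppArmor audit record quoted above. It assumes /var/run is a symlink to /run, which is why the two logs show different paths, and that libvirt's per-domain profiles are named libvirt-<UUID>; the function names are hypothetical.

```python
import re

# Both log lines are copied from the comment above.
QEMU_LOG = ("Failed to open module: /var/run/qemu/Debian_1_4.2-3ubuntu2~ppa4/"
            "block-curl.so: cannot open shared object file: Permission denied")
AUDIT_LOG = ('[302376.960953] audit: type=1400 audit(1583238035.059:439): '
             'apparmor="DENIED" operation="open" '
             'namespace="root//lxd-f_<var-snap-lxd-common-lxd>" '
             'profile="libvirt-2bef989e-6d28-45c8-b101-3959de1db2b3" '
             'name="/run/qemu/Debian_1_4.2-3ubuntu2~ppa4/block-curl.so" '
             'pid=6958 comm="qemu-system-x86" requested_mask="r" '
             'denied_mask="r" fsuid=64055 ouid=0')

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
MODULE_ERR = re.compile(r"Failed to open module: (\S+): .*Permission denied")
UUID_PROFILE = re.compile(
    r"libvirt-([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})$")


def parse_audit(line):
    """Split an audit record into a dict of its key=value fields."""
    return {k: q if q else bare for k, q, bare in FIELD.findall(line)}


def canonical(path):
    """Assumption: /var/run -> /run symlink; AppArmor logs the resolved path."""
    return path[len("/var"):] if path.startswith("/var/run/") else path


def correlate(qemu_line, audit_line):
    """Return denial details if the audit record explains the QEMU failure."""
    err = MODULE_ERR.search(qemu_line)
    rec = parse_audit(audit_line)
    if not err or rec.get("apparmor") != "DENIED":
        return None
    if canonical(err.group(1)) != rec.get("name"):
        return None  # denial is for some other file
    dom = UUID_PROFILE.match(rec.get("profile", ""))
    return {"path": rec["name"], "profile": rec["profile"],
            "domain_uuid": dom.group(1) if dom else None,
            "denied": rec.get("denied_mask"), "comm": rec.get("comm")}


if __name__ == "__main__":
    print(correlate(QEMU_LOG, AUDIT_LOG))
```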