Code review comment for ~paelzer/ubuntu/+source/qemu:groovy-merge-pick-5.0-14

Christian Ehrhardt  (paelzer) wrote :

I also did a full upgrade on my xen host and tried xen with virt-manager without the former symlink workaround in place.

The new qemu-system-x86-xen slots into place nicely:

ubuntu@ubuntu:~$ virsh capabilities | grep emu
      <emulator>/usr/lib/xen-4.11/bin/qemu-system-i386</emulator>
      <emulator>/usr/lib/xen-4.11/bin/qemu-system-i386</emulator>
      <emulator>/usr/lib/xen-4.11/bin/qemu-system-i386</emulator>
      <emulator>/usr/lib/xen-4.11/bin/qemu-system-i386</emulator>
      <emulator>/usr/lib/xen-4.11/bin/qemu-system-i386</emulator>
      <emulator>/usr/lib/xen-4.11/bin/qemu-system-i386</emulator>
ubuntu@ubuntu:~$ ll /usr/lib/xen-4.11/bin/qemu-system-i386
-rwxr-xr-x 1 root root 15355976 Aug 3 05:15 /usr/lib/xen-4.11/bin/qemu-system-i386*

But then all of the AppArmor isolation will fall apart, as it will not allow this path to be executed.

Aug 04 06:31:13 ubuntu audit[115176]: AVC apparmor="DENIED" operation="exec" profile="libvirtd" name="/usr/lib/xen-4.11/bin/qemu-system-i386" pid=115176 comm="libvirtd" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
Aug 04 06:31:13 ubuntu kernel: audit: type=1400 audit(1596522673.656:146): apparmor="DENIED" operation="exec" profile="libvirtd" name="/usr/lib/xen-4.11/bin/qemu-system-i386" pid=115176 comm="libvirtd" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
Aug 04 06:31:13 ubuntu libvirtd[85510]: internal error: Child process (/usr/lib/xen-4.11/bin/qemu-system-i386 -help) unexpected exit status 126: libvirt: error : cannot execute binary /usr/lib/xen-4.11/bin/qemu-system-i386: Permission denied

So we want to keep things much more than they already are - but with a symlink in place (as my manual workaround was).
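
Added example, not part of the original comment or of the Ubuntu packaging: a small parser that turns the journal lines quoted above into one record per AppArmor denial and lists which paths each profile refused to execute. The function names are hypothetical; the sample input is the three log lines from the comment.

```python
import re
from collections import defaultdict

# The three journal lines quoted in the comment, embedded so this runs offline.
SAMPLE_LOG = '''\
Aug 04 06:31:13 ubuntu audit[115176]: AVC apparmor="DENIED" operation="exec" profile="libvirtd" name="/usr/lib/xen-4.11/bin/qemu-system-i386" pid=115176 comm="libvirtd" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
Aug 04 06:31:13 ubuntu kernel: audit: type=1400 audit(1596522673.656:146): apparmor="DENIED" operation="exec" profile="libvirtd" name="/usr/lib/xen-4.11/bin/qemu-system-i386" pid=115176 comm="libvirtd" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
Aug 04 06:31:13 ubuntu libvirtd[85510]: internal error: Child process (/usr/lib/xen-4.11/bin/qemu-system-i386 -help) unexpected exit status 126: libvirt: error : cannot execute binary /usr/lib/xen-4.11/bin/qemu-system-i386: Permission denied
'''

# Matches key="quoted value" or key=bare_value, as the audit records use.
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_denials(text):
    """Return one dict per distinct AppArmor denial found in the log text."""
    seen, denials = set(), []
    for line in text.splitlines():
        if 'apparmor="DENIED"' not in line:
            continue  # e.g. the libvirtd "Permission denied" follow-up line
        rec = {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
               for m in KV.finditer(line)}
        # The sample carries the same denial twice (audit[...] and kernel: audit:).
        key = tuple(rec.get(k) for k in
                    ("profile", "operation", "name", "pid", "denied_mask"))
        if key not in seen:
            seen.add(key)
            denials.append(rec)
    return denials


def exec_denials_by_profile(denials):
    """Map each confining profile to the sorted paths it refused to execute."""
    blocked = defaultdict(set)
    for rec in denials:
        if rec.get("operation") == "exec" and "x" in rec.get("denied_mask", ""):
            blocked[rec["profile"]].add(rec["name"])
    return {profile: sorted(paths) for profile, paths in blocked.items()}


if __name__ == "__main__":
    summary = exec_denials_by_profile(parse_denials(SAMPLE_LOG))
    for profile, paths in summary.items():
        for path in paths:
            print(f"profile {profile} denied exec of {path}")
```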
