Comment 11 for bug 1546674

Thanks Simon,
I found another one to trigger which is when failing to start a guest.
I can't reproduce with a working guest, but still it is a way to trigger - although it doesn't seem reliably.

Still I have a system to verify on for myself reporting e.g.
[85681.586318] audit: type=1400 audit(1476865131.741:189): apparmor="DENIED" operation="open" profile="/usr/lib/libvirt/virt-aa-helper" name="/etc/nsswitch.conf" pid=8448 comm="virt-aa-helper" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[85681.586329] audit: type=1400 audit(1476865131.741:190): apparmor="DENIED" operation="open" profile="/usr/lib/libvirt/virt-aa-helper" name="/etc/host.conf" pid=8448 comm="virt-aa-helper" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

I much more like your approach.

I'll prep something to test early next week (on a business trip the next days)