Comment 1 for bug 702774

mhakali (ubuntu-nexticom) wrote :

Did some additional research, and managed to re-load the existing profiles by executing:

root:/etc/apparmor.d/libvirt# for i in $(ls | grep -v "\.files" | grep libvirt-); do apparmor_parser -a $i; done

# apparmor_status
apparmor module is loaded.
40 profiles are loaded.
40 profiles are in enforce mode.
[...]
   libvirt-22119fd7-e5c4-20c8-7efe-e0fbb086e218
   libvirt-27ddd6d3-01ec-85dd-3f3b-0f58cbff18fe
   libvirt-2d1c701b-d5ed-8524-4ef6-fbd12419d75e
   libvirt-51ef85f6-ce69-4788-9293-2af1860d45d0
   libvirt-564dbb14-b9f2-4083-2b85-cd44e90ee5c6
   libvirt-909b523f-78a6-01c2-8179-daebf72b9e1f
   libvirt-92d90b8b-b336-b73f-fb22-72a48d475445
   libvirt-de951d50-6787-ec6a-754c-c5b39a2d7cd9
   libvirt-ec24421d-1911-4b1b-09a8-0ece48901cb8
[...]

However, attempting to apply these to an existing pid (according to wiki @ https://help.ubuntu.com/community/AppArmor) gives:

root:/proc/23859/attr# cat current
unconfined
root:/proc/23859/attr# echo 'setprofile libvirt-27ddd6d3-01ec-85dd-3f3b-0f58cbff18fe' > current
-bash: echo: write error: Permission denied

New machines that are shut down and relaunched after doing the "service apparmor restart" get correctly confined:

# apparmor_status
[...]
3 processes have profiles defined.
3 processes are in enforce mode :
   /usr/sbin/libvirtd (1928)
   /usr/sbin/named (5018)
   libvirt-2d1c701b-d5ed-8524-4ef6-fbd12419d75e (11214)
[...]
# service apparmor restart
[...]
2 processes are in enforce mode :
   /usr/sbin/libvirtd (1928)
   /usr/sbin/named (5018)
[...]
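The two steps above (reload the libvirt-<uuid> profiles, then find guests that are still unconfined and need a shutdown/relaunch) combined into one check, as an added example that is not part of this bug report or of the AppArmor/libvirt packages. PROC_ROOT and PROFILE_DIR are assumed overridable so the check can be exercised against a constructed tree; the defaults are the paths used in the comment.

```sh
#!/bin/sh
# Added example, not from the bug report: reload the libvirt AppArmor profiles and then
# report guest processes that are still running unconfined. As the comment shows, a guest
# started before its profile was loaded cannot be attached to it afterwards (the write of
# "setprofile ..." to /proc/PID/attr/current is refused), so those guests must be shut
# down and relaunched. PROC_ROOT and PROFILE_DIR are assumptions so the check can run
# against a constructed tree; the defaults match the paths in the report.

PROC_ROOT="${PROC_ROOT:-/proc}"
PROFILE_DIR="${PROFILE_DIR:-/etc/apparmor.d/libvirt}"

# Load (or replace) every libvirt-<uuid> profile, skipping the *.files include fragments.
reload_libvirt_profiles() {
    for p in "$PROFILE_DIR"/libvirt-*; do
        case "$p" in *.files) continue ;; esac
        # -r replaces an already-loaded profile instead of failing like -a would.
        apparmor_parser -r "$p" || echo "failed to load $p" >&2
    done
}

# Print "PID LABEL COMMAND" for each process whose comm matches the glob in $1 and
# whose AppArmor label is "unconfined". Returns 1 if any such process was found.
list_unconfined() {
    pattern="$1"
    found=0
    for dir in "$PROC_ROOT"/[0-9]*; do
        [ -r "$dir/comm" ] && [ -r "$dir/attr/current" ] || continue
        comm=$(cat "$dir/comm")
        case "$comm" in
            $pattern) ;;
            *) continue ;;
        esac
        label=$(cat "$dir/attr/current")   # "unconfined" or "libvirt-<uuid> (enforce)"
        case "$label" in
            unconfined*) printf '%s %s %s\n' "${dir##*/}" "$label" "$comm"; found=1 ;;
        esac
    done
    return $found
}

# Usage: sh check-confinement.sh 'kvm*'   (use 'qemu*' where guests run as qemu-system-*)
if [ -n "${1:-}" ]; then
    reload_libvirt_profiles
    list_unconfined "$1" && echo "all matching guests are confined"
fi
```

Any PID the script prints corresponds to a guest that was launched before its profile existed; apparmor_status will keep listing it as unconfined until it is shut down and started again.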