apparmor: allow reading cap_last_cap

libcap-ng >= 0.7.4 fails when it can't read /sys/kernel/cap_last_cap
and thus running a qemu guest fails.

Allow reading cap_last_cap in the libvirt-qemu apparmor abstraction.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>

examples/apparmor/libvirt-qemu

-# Last Modified: Fri Mar 9 14:43:22 2012
+# Last Modified: Wed Sep 3 21:52:03 2014
 
   #include <abstractions/base>
   #include <abstractions/consoles>
@@ -21,6 +21,7 @@
   /dev/ptmx rw,
   /dev/kqemu rw,
   @{PROC}/*/status r,
+  @{PROC}/sys/kernel/cap_last_cap r,
 
   # For hostdev access. The actual devices will be added dynamically
   /sys/bus/usb/devices/ r,