apparmor: Check libvirtd profile status by name

Commit a3ab6d42 changed the libvirtd profile to a named profile,
breaking the apparmor driver's ability to detect if the profile is
active. When the apparmor driver loads it checks the status of the
libvirtd profile using the full binary path, which fails since the
profile is now referenced by name. If the apparmor driver is
explicitly requested in /etc/libvirt/qemu.conf, then libvirtd fails
to load too.

Instead of only checking the profile status by full binary path,
also check by profile name. The full path check is retained in case
users have a customized libvirtd profile with full path.
Signed-off-by: NJim Fehlig <jfehlig@suse.com>
Acked-by: NJamie Strandboge <jamie@canonical.com>

src/security/security_apparmor.c

@@ -257,10 +257,16 @@ use_apparmor(void)
     if (access(APPARMOR_PROFILES_PATH, R_OK) != 0)
         goto cleanup;
 
+    /* First check profile status using full binary path. If that fails
+     * check using profile name.
+     */
     rc = profile_status(libvirt_daemon, 1);
+    if (rc < 0) {
+        rc = profile_status("libvirtd", 1);
         /* Error or unconfined should all result in -1*/
         if (rc < 0)
             rc = -1;
+    }
 
  cleanup:
     VIR_FREE(libvirt_daemon);