Merge "V-51739: LSM device labeling exception"

doc/source/developer-notes/V-51379.rst

@@ -0,0 +1,7 @@
+**Exception**
+
+Although SELinux works through a labeling system where every file (including
+devices) receive a label, AppArmor works purely through policies without
+labels. However, openstack-ansible does configure several AppArmor policies
+to reduce the chances and impact of LXC container breakouts on OpenStack
+hosts.