apparmor: Misc fixes for lbaasv2 profile

Ensure that profiles are correctly applied in network
namespace using profile flag.

Allow lbaasv2 agent binary to read /proc/*/stat to support
monitoring of haproxy instances.

Change-Id: Ifc3388e894db998bfad8e5998a02120222d9e3ae
Closes-Bug: 1770040

templates/usr.bin.neutron-lbaasv2-agent

@@ -2,7 +2,7 @@
 # Mode: {{aa_profile_mode}}
 #include <tunables/global>
 
-/usr/bin/neutron-lbaasv2-agent {
+/usr/bin/neutron-lbaasv2-agent flags=(attach_disconnected) {
   #include <abstractions/base>
   #include <abstractions/python>
   #include <abstractions/nameservice>
@@ -52,4 +52,7 @@
   owner @{PROC}/@{pid}/status r,
   owner @{PROC}/@{pid}/stat r,
   owner @{PROC}/@{pid}/ns/net r,
+  # Allow subprocess stat for management of haproxy instances
+  # which are owned by 'nobody'
+  @{PROC}/*/stat r,
 }