[apparmor] apparmor and affinity mask

[Jeroen Ooms]

I would like to restrict the number of cores/cpu's that a certain
process can use. The affinity mask provides one method by restricting
which of the processors are available to the process. However,
unfortunately there is not rlimit_affinity in linux, so any process
can reset its own affinity mask.

I was wondering if AppArmor provides any way to do put permanent
restrictions on the affinity mask?