If someone still wondering how to hide the fact of using app in hypervisor VM, the apparmor profile seems to be the way it should be done. Here is profile that result “Desktop” as default device name in Telegram instead of hypervisor name:
include <tunables/global>
profile Telegram /home/user/Telegram/{Telegram,Updater} {
# Telegram directory
owner /home/user/.local/share/TelegramDesktop/{**,} rwkl,
owner /home/user/Telegram/* ixwr,
owner /home/user/Downloads/** rw,
owner /home/user/Downloads/ rw,
include <abstractions/base>
include <abstractions/nameservice>
include <abstractions/fonts>
/usr/share/** r,
owner /run/user/*/dconf/user rw,
owner /proc/[0-9]*/stat r,
# Uncomment below to avoid warnings
# owner /proc/[0-9]*/task/ r,
# owner /run/user/*/pulse/ rw,
# owner /etc/dconf/profile/user r,
# owner /etc/dconf/db/local r,
# Deny recent
deny /home/user/.local/share/recently-used.xbel r,
# Block binary execution and mapping of compiled libraries
audit deny owner /**/* m,
audit deny /home/user/[^.]** mx,
audit deny /{media,mnt,srv,net}/** mx,
deny /run/udev/data/** rwklmx,
deny /usr/bin/gconftool-2 x,
deny /var/cache/fontconfig/ w,
audit deny owner /**/*.py* r, # Block Python imports
deny /dev/video* rwmlkx, # Block cameras
}
combined with changing environment (second row is excessive) in your session as another user wrote above:
export XDG_CURRENT_DESKTOP=XFCE
export XDG_SESSION_DESKTOP=XFCE
allows you to restrict access of Telegram app to your system. Still profile might be improved by more advanced users.