Comment 5 for bug 1772097

Jamie Strandboge (jdstrand) wrote :

For snapd, as much as I don’t want to use mediate_deleted, I feel we need to, considering that the open/unlink/linkat method is documented in ‘man 2 open’ and other snaps (e.g., vlc, Qt 5.10, etc.) are using it (at least until this bug is fixed and used everywhere). While this makes this open/unlink/linkat technique work, it does mean that a process from the snap will be able to open deleted files with open fds via the /proc interface. This is however no worse than when running unconfined since applications can always use /proc/pid/fd/... to access deleted files. Using apparmor with mediate_deleted is an improvement over unconfined in this area since ptrace mediates access to other task's processes.
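
Added example, not part of the comment above and not snapd or AppArmor code: a small C program showing the /proc access the comment describes, where a file that has been unlinked but is still held open stays reachable through `/proc/self/fd/N`. The `/tmp` template, the function name `reopen_deleted` and the sample content are constructed for illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Create a file, unlink it while keeping the fd open, then reach it again
 * through /proc/self/fd/N. On success returns 0 and fills:
 *   target - what the /proc symlink reports (the kernel appends " (deleted)")
 *   data   - content read back through the /proc path
 * Returns -1 on failure. The /tmp template is a constructed sample path. */
int reopen_deleted(char *target, size_t tlen, char *data, size_t dlen)
{
    char tmpl[] = "/tmp/deleted-demo-XXXXXX";
    const char msg[] = "still reachable";      /* constructed sample content */
    char procpath[64];
    int rc = -1, fd2 = -1;
    ssize_t n;

    int fd = mkstemp(tmpl);
    if (fd < 0) return -1;
    if (write(fd, msg, sizeof msg - 1) != (ssize_t)(sizeof msg - 1)) {
        unlink(tmpl);
        goto out;
    }
    if (unlink(tmpl) != 0) goto out;           /* no name left, fd still open */

    snprintf(procpath, sizeof procpath, "/proc/self/fd/%d", fd);
    n = readlink(procpath, target, tlen - 1);  /* path the kernel reports */
    if (n < 0) goto out;
    target[n] = '\0';

    fd2 = open(procpath, O_RDONLY);            /* fresh open of the deleted file */
    if (fd2 < 0) goto out;
    n = read(fd2, data, dlen - 1);
    if (n < 0) goto out;
    data[n] = '\0';
    rc = 0;
out:
    if (fd2 >= 0) close(fd2);
    close(fd);
    return rc;
}

int main(void)
{
    char target[4096], data[64];
    if (reopen_deleted(target, sizeof target, data, sizeof data) != 0) return 1;
    printf("%s -> \"%s\"\n", target, data);
    return 0;
}
```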