Comment 2 for bug 1867216

Ian Johnson (anonymouse67) wrote :

@jjohansen, when this was fixed was it something in the kernel side or just the parser side? i.e. could we rely on just the version of apparmor_parser? (I'm not sure how to check the version of apparmor in the kernel to be honest)

Also, what do folks think about adding this rule to the default policy or alternatively maybe to the network interface:

```
unix (bind) addr=auto,
```

If I'm reading the man page correctly, that only allows binding an anonymous socket, it doesn't allow binding to a named socket in the way that other applications using specific addresses would.

Considering that this is only available in 2.12.5, 2.13.5 and 3.x versions of apparmor, we might need to make adding that rule conditional on having apparmor versions above those versions.

I ask (and am adding a snapd task here) since new versions of the docker snap are affected by the same go-systemd problem that triggered the kubernetes change here, and in docker's case docker will think that journald is not available at all and be entirely silent when things go wrong.
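The version gating the comment above proposes, worked through as an added example (this is not snapd's code or the docker snap's code): parse the version that `apparmor_parser --version` prints, then emit the `unix (bind) addr=auto,` rule only when the parser is 2.12.5+, 2.13.5+ or any 3.x. The first output line is assumed to read "AppArmor parser version 2.13.3"; the function names and the treatment of other 2.x series as unsupported are assumptions of this example, not of the bug report.

```go
package main

import (
	"errors"
	"fmt"
	"os/exec"
	"strconv"
	"strings"
)

// Version is the major.minor.patch triple of apparmor_parser.
type Version [3]int

// parseParserVersion extracts the version number from the output of
// `apparmor_parser --version`. Assumption: the first line looks like
// "AppArmor parser version 2.13.3"; pre-release suffixes such as "~alpha2"
// are dropped.
func parseParserVersion(output string) (Version, error) {
	var v Version
	first := strings.SplitN(output, "\n", 2)[0]
	for _, field := range strings.Fields(first) {
		if field[0] < '0' || field[0] > '9' {
			continue // not a version token
		}
		// Keep only the leading digits and dots.
		end := strings.IndexFunc(field, func(r rune) bool {
			return r != '.' && (r < '0' || r > '9')
		})
		if end >= 0 {
			field = field[:end]
		}
		parts := strings.Split(field, ".")
		if len(parts) > 3 {
			parts = parts[:3]
		}
		for i, p := range parts {
			n, err := strconv.Atoi(p)
			if err != nil {
				return v, fmt.Errorf("bad version component %q in %q", p, first)
			}
			v[i] = n
		}
		return v, nil
	}
	return v, errors.New("no version number found in apparmor_parser output")
}

// supportsUnixAddrAuto reports whether the parser accepts `unix (bind) addr=auto,`,
// using the minimums given in the comment: 2.12.5, 2.13.5 or any 3.x.
// Assumption: every other 2.x series is treated as too old.
func supportsUnixAddrAuto(v Version) bool {
	switch {
	case v[0] >= 3:
		return true
	case v[0] == 2 && v[1] == 12:
		return v[2] >= 5
	case v[0] == 2 && v[1] == 13:
		return v[2] >= 5
	default:
		return false
	}
}

// policySnippet returns the extra profile text to add: the bind rule when the
// parser can compile it, nothing otherwise (so an old parser never sees a rule
// it would reject and fail the whole profile load on).
func policySnippet(v Version) string {
	if !supportsUnixAddrAuto(v) {
		return ""
	}
	return "unix (bind) addr=auto,\n"
}

func main() {
	out, err := exec.Command("apparmor_parser", "--version").CombinedOutput()
	if err != nil {
		fmt.Println("apparmor_parser not runnable:", err)
		return
	}
	v, err := parseParserVersion(string(out))
	if err != nil {
		fmt.Println(err)
		return
	}
	fmt.Printf("apparmor_parser %d.%d.%d, addr=auto supported: %v\n",
		v[0], v[1], v[2], supportsUnixAddrAuto(v))
	fmt.Print(policySnippet(v))
}
```

The gate is per-series rather than a plain "newer than 2.12.5" comparison, because 2.13.0 through 2.13.4 are newer than 2.12.5 yet, per the comment, still lack the feature. Note this only answers the parser-side half of the question the comment raises; whether the running kernel enforces the rule is a separate check.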