Jamie, what happens on systems without snap installed? Will systemd start the apparmor service?
How much later does this push the already-too-late apparmor service?
Requiring a potentially new thing may push the apparmor unit further behind, allowing even more services to start before profiles have been loaded.
I have to think the better approach may have been to introduce something like apparmor@.service and configure an <email address hidden> that will load profiles before snapd is started -- at least if snap is not itself loading profiles before launching programs.
Jamie, what happens on systems without snap installed? Will systemd start the apparmor service?
How much later does this push the already-too-late apparmor service?
Requiring a potentially new thing may push the apparmor unit further behind, allowing even more services to start before profiles have been loaded.
I have to think the better approach may have been to introduce something like apparmor@.service and configure an <email address hidden> that will load profiles before snapd is started -- at least if snap is not itself loading profiles before launching programs.
Thanks