Darix suggests the instances isn't a great idea. He instead recommends reading variables from a configuration file that are then used in the exec lines of the systemd unit file:
Then we could set the APPARMOR_SEARCH_LIST to /etc/apparmor.d/ on traditional systems, /etc/apparmor.d/ and /var/foo/click/apparmor.d/ on phones, /var/bar/snap/apparmor.d/ on snap-based things, etc.
cboltz reports that one-shot units do support ExecReload.
Darix suggests the instances isn't a great idea. He instead recommends reading variables from a configuration file that are then used in the exec lines of the systemd unit file:
[Unit] AppArmor profiles cies=no fs.target sysinit. target
Description=
DefaultDependen
After=local-
Before=
[Service] =-/etc/ sysconfig/ apparmor /usr/sbin/ apparmor_ parser -r $APPAMOR_ SEARCH_ LIST /usr/sbin/ apparmor_ parser -R $APPAMOR_ SEARCH_ LIST /usr/sbin/ apparmor_ parser --reload $APPAMOR_ SEARCH_ LIST
Type=oneshot
EnvironmentFile
ExecStart=
ExecStop=
ExecReload=
RemainAfterExit=yes
[Install] multi-user. target
WantedBy=
Then we could set the APPARMOR_ SEARCH_ LIST to /etc/apparmor.d/ on traditional systems, /etc/apparmor.d/ and /var/foo/ click/apparmor. d/ on phones, /var/bar/ snap/apparmor. d/ on snap-based things, etc.
cboltz reports that one-shot units do support ExecReload.