Comment 22 for bug 1584456

Zygmunt Krynicki (zyga) wrote :

Per agreement with jdstrand it is sufficient to verify that the new policy is a superset (that is, it allows doing more, not less) of the old policy. This prevents the possibility of regressions. Given that the original bug was reported on a non-common hardware/kernel combination, this serves as a sufficient SRU verification.

As a part of the verification the apparmor profile from /etc/apparmor.d/usr.lib.snapd.snap-confine was copied before and after the proposed upgrade. The package upgraded successfully so the new profile was also successfully compiled and loaded into the kernel. Both profiles were compared and the new rule, containing the extra trailing slash, was present in the diff.
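
The before/after comparison described in this comment can be scripted as a rule-by-rule check; the following is an added example, not part of the original comment or of the snapd packaging. It assumes one rule per line, the profile contents and paths are constructed samples, and the function names are hypothetical; it verifies a textual superset (no old rule line disappeared), not the semantics the AppArmor parser compiles.

```shell
#!/bin/sh
# Added example: check that an upgraded AppArmor profile keeps every old rule.
# Assumes one rule per line; sample profiles below are constructed.

# Print normalised rules: trim and collapse whitespace, drop blanks and comments.
normalise_rules() {
    awk '{ sub(/^[ \t]+/, ""); sub(/[ \t]+$/, ""); gsub(/[ \t]+/, " ") }
         /^$/ { next }
         /^#/ && !/^#include/ { next }  # "#include" is a directive, keep it
         { print }' "$1" | LC_ALL=C sort -u
}

# $1 = comm flag (-23: only in old, -13: only in new), $2 = old, $3 = new
rule_diff() {
    a=$(mktemp); b=$(mktemp)
    normalise_rules "$2" > "$a"; normalise_rules "$3" > "$b"
    LC_ALL=C comm "$1" "$a" "$b"
    rm -f "$a" "$b"
}
removed_rules() { rule_diff -23 "$1" "$2"; }
added_rules()   { rule_diff -13 "$1" "$2"; }
# Textual superset: every old rule line still appears in the new profile.
is_superset()   { [ -z "$(removed_rules "$1" "$2")" ]; }

demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
OLD=$demo/old; NEW=$demo/new; BAD=$demo/bad
cat > "$OLD" <<'EOF'
# constructed sample: copy taken before the upgrade
profile example-confine {
    #include <abstractions/base>
    /example/dir r,
    /example/file rw,
}
EOF
cat > "$NEW" <<'EOF'
# constructed sample: copy taken after the upgrade (re-indented, one rule added)
profile example-confine {
  #include <abstractions/base>
  /example/dir r,
  /example/dir/ r,
  /example/file rw,
}
EOF
# Constructed regression: the upgraded profile with one old rule dropped.
grep -v -F '/example/file rw,' "$NEW" > "$BAD"

if is_superset "$OLD" "$NEW"; then echo "superset: yes"; else echo "superset: NO"; fi
echo "rules added by upgrade:";  added_rules "$OLD" "$NEW"
echo "rules lost in regression:"; removed_rules "$OLD" "$BAD"
```

Comments and indentation changes do not count as differences, so only real rule additions or removals are reported.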