Once the AppArmor parser supports multiple, versioned policy cache files I will be adding the ability to generate the policy cache files at kernel postinst. This will involve shipping a flattened AppArmor features file in the Ubuntu kernel packages and then calling out to apparmor_parser and specifying the shipped features file. To avoid potential maintenance issues, there may need to be some script/program to generate a flattened features file from the security/apparmor/apparmorfs.c source file.
Once the AppArmor parser supports multiple, versioned policy cache files I will be adding the ability to generate the policy cache files at kernel postinst. This will involve shipping a flattened AppArmor features file in the Ubuntu kernel packages and then calling out to apparmor_parser and specifying the shipped features file. To avoid potential maintenance issues, there may need to be some script/program to generate a flattened features file from the security/ apparmor/ apparmorfs. c source file.