Comment 4 for bug 2063976

To clarify, this is not something that can be solved upstream in apparmor, and a profile can't be accepted due to the nature of the path location?

I'm really trying to avoid a situation where we need to add additional instructions after syncing AOSP just for Ubuntu users.

One idea for this was to take nsjail and package it in Debian and remove it from AOSP prebuilts, that way a proper profile could be upstreamed since the path would be static, but that wouldn't address all previous versions of Android.

Google has also been trying to move all binaries required for AOSP compile into the tree itself for more reproducible builds, so I'm not even sure if they'd accept that.