Comment 8 for bug 1967884

So while I don't think we are where snapd can get rid of the snap-confine.internal snippets, with it now vendoring a more recent apparmor, a lot of these can drop away. It doesn't need to detect capabilities anymore.

It can just specify

  deny capability perfmon,

and it will work, for all kernels.