Comment 2 for bug 1438249

So at the moment, apparmor starts After=local-fs.target and Before=sysinit.target.

network-interface-security.conf does:

    start on (starting network-interface or starting network-manager or starting networking)

network-interface corresponds to ifup@.service, networking is just the ifupdown init.d script; these two need an After=apparmor.service. NetworkManager.service has DefaultDependencies=yes (the default), thus the ordering there is fine already.

It seems to me that adding these two ordering constraints is simpler and potentially also more efficient than running /sbin/apparmor_parser manually?