Comment 3 for bug 1562989

Jamie Strandboge (jdstrand) wrote :

It appears that the profile name can't start with 'u'. If I change the app-profile to prepend anything other than 'u', then it works.

E.g., if I update app-profile accordingly before each call to change the profile name:
$ sudo apparmor_parser -r ./app-profile ./launcher-profile && aa-exec -p launcher -- ./test-1562989 ubuntu-clock-app.ubuntucoredev_clock_3.6+snap2 /usr/bin/uptime
argv[0]: ./test-1562989
argv[1]: ubuntu-clock-app.ubuntucoredev_clock_3.6+snap2
argv[2]: /usr/bin/uptime
aa_change_onexec failed with -1. errmsg: Permission denied

$ sudo apparmor_parser -r ./app-profile ./launcher-profile && aa-exec -p launcher -- ./test-1562989 u /usr/bin/uptime
argv[0]: ./test-1562989
argv[1]: u
argv[2]: /usr/bin/uptime
aa_change_onexec failed with -1. errmsg: Permission denied

$ sudo apparmor_parser -r ./app-profile ./launcher-profile && aa-exec -p launcher -- ./test-1562989 fooubuntu-clock-app.ubuntucoredev_clock_3.6+snap2 /usr/bin/uptime
argv[0]: ./test-1562989
argv[1]: fooubuntu-clock-app.ubuntucoredev_clock_3.6+snap2
argv[2]: /usr/bin/uptime
 15:40:27 up 18 min, 2 users, load average: 0.02, 0.10, 0.08

Wild guess would be the check for unconfined is busted.