Comment 16 for bug 1871148

Jamie, what happens on systems without snap installed? Will systemd start the apparmor service?

How much later does this push the already-too-late apparmor service?

Requiring a potentially new thing may push the apparmor unit further behind, allowing even more services to start before profiles have been loaded.

I have to think the better approach may have been to introduce something like apparmor@.service and configure an <email address hidden> that will load profiles before snapd is started -- at least if snap is not itself loading profiles before launching programs.

Thanks