# This systemd unit is needed on distributions that use apparmor but don't have
# special support for loading snapd apparmor profiles. Until upstream apparmor
# user-space release contains a systemd unit that is actually shipped by
# distributors and that contains the necessary extension points for snapd the
# apparmor profiles for snap applications need to be loaded separately from
# other applications.
[Unit]
Description=Load AppArmor profiles managed internally by snapd
DefaultDependencies=no
Before=sysinit.target
# This dependency is meant to ensure that apparmor initialization (whatever that might entail) is complete.
After=apparmor.service
# In case of re-execution, snapd snap has to be mounted. apparmor.service has
# a dependency to local-fs.target which is enough in theory. But in case
# this dependency dispappears, it is better to have an explicit dependency to
# snapd.mount.target here.
After=snapd.mounts.target
Wants=snapd.mounts.target
ConditionSecurity=apparmor
RequiresMountsFor=/var/cache/apparmor /var/lib/snapd/apparmor/profiles
# This is handled by snapd
# X-Snapd-Snap: do-not-start

[Service]
Type=oneshot
ExecStart=@libexecdir@/snapd/snapd-apparmor start
EnvironmentFile=-@SNAPD_ENVIRONMENT_FILE@
EnvironmentFile=-/var/lib/snapd/environment/snapd.conf
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target