Apparmor patches for linux 4.9

This is somewhat of a long shot, but I wanted to know if someone could point to the set of Linux kernel patches that would be required to enable strict confinement of snapd.

It seems @abeato, while trying to create a kernel snap for the Jetson platform, kept a large set of patches for kernel 4.9 (https://github.com/alfonsosanchezbeato/jetson-kernel-snap/tree/master/src/l4t_32.1.0/patch). I am curious whether we could use only a subset of those patches to enable confinement.

We are trying to build a Yocto based image for Nvidia Xavier NX and need to enable snapd’s strict confinement.

@om26er, most patches there are AppArmor patches for confinement, and of the few that are left, the majority are reverts of Android-related commits (yes, Nvidia based their kernel on Android 4.9) that were breaking lxd/multipass. So, in fact, I would not recommend dropping any patch if you want confinement. Note, though, that most if not all of the patches are upstreamed, so it should not be such a maintenance headache if/when you upgrade to a new kernel.