CR: P16g AppArmor Deployment — Rollback
Rollback Plan
# If AppArmor causes application breakage:
# 1. Set problem profile to complain mode
sudo aa-complain /etc/apparmor.d/<profile-name>
# 2. If all profiles are problematic, disable at boot
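# Remove the lsm=..., apparmor=1 and security=apparmor parameters from the boot entry
# (the pattern must match the entry's text exactly, otherwise sed changes nothing)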
sudo sed -i 's/ lsm=landlock,lockdown,yama,integrity,apparmor,bpf apparmor=1 security=apparmor//' /boot/loader/entries/arch.conf
sudo reboot
| Removing AppArmor from boot parameters re-exposes the full attack surface. Prefer switching individual profiles to complain mode over disabling the entire framework. |
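An added example, not part of the original change request: the same boot-entry edit done parameter by parameter, so it still works when the three parameters are not adjacent or in that order, keeps a copy of the entry for re-enabling, and reports when nothing was removed. The helper names `boot_entry_has_apparmor` and `strip_apparmor_params` and the `.pre-rollback` suffix are hypothetical, and the sample entry in `demo` is constructed.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, not AppArmor tooling.

# True (0) if the entry's options line still enables AppArmor.
boot_entry_has_apparmor() {
    grep -Eq '^options.*(apparmor=1|security=apparmor|lsm=[^[:space:]]*apparmor)' "$1"
}

# Remove the three parameters from the options line, whatever their order.
# Returns 0 if removed, 1 if none were present, 2 on error.
strip_apparmor_params() {
    entry=$1
    [ -f "$entry" ] || { echo "no such entry: $entry" >&2; return 2; }
    tmp=$(mktemp) || return 2
    awk '
        $1 == "options" {
            out = "options"; removed = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "apparmor=1" || $i == "security=apparmor" ||
                    ($i ~ /^lsm=/ && $i ~ /apparmor/)) { removed++; continue }
                out = out " " $i
            }
            if (removed) { print out; next }
        }
        { print }
    ' "$entry" > "$tmp" || { rm -f "$tmp"; return 2; }
    if cmp -s "$entry" "$tmp"; then
        rm -f "$tmp"
        echo "nothing removed: no AppArmor parameters in $entry" >&2
        return 1
    fi
    cp -p "$entry" "$entry.pre-rollback" || { rm -f "$tmp"; return 2; }  # for re-enabling later
    cat "$tmp" > "$entry" || return 2   # cat keeps the entry's owner and mode
    rm -f "$tmp"
}

# Constructed sample entry (root=/dev/sda2 is made up) to show the result.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'title Arch Linux' 'linux /vmlinuz-linux' \
        'options root=/dev/sda2 rw lsm=landlock,lockdown,yama,integrity,apparmor,bpf apparmor=1 security=apparmor quiet' \
        > "$d/arch.conf"
    strip_apparmor_params "$d/arch.conf" && grep '^options' "$d/arch.conf"
    rm -rf "$d"
}
```

Against the real entry the function needs root, for example from a root shell that has sourced this file. After the reboot, `cat /sys/kernel/security/lsm` shows which LSMs are active.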