Since the CI on "*actually* rely on fixed nixos tests" (LordGrimmauld/apparmor-dev@7ca6164) passed, I have now automated end-to-end testing, from compile tasks of apparmor (make tests) through nix tooling (overlays) to VM tests (actually loading these overlays).
This is (imo) the first usable state for apparmor git packages, and now I can work on improving testing (reg tests still need a VM test output) as well as finally doing dev shells.
I did have to switch the flake tracking branch over to my nixpkgs fork with the apparmor test cases fixed, but I will drop that as soon as my module/test fix PR is merged.
I am happy if people try it and open issue reports for issues they come across. But as always, keep backups and fallbacks (e.g. a specialization that disables apparmor) so you don’t brick your system.