(In reply to Christian Boltz from comment #3) > The biggest problem is the "systemctl restart" behaviour as described in bug > 853019. The only serious fix for that would be to add support for > ExecRestart= in systemd. Maybe the rework of a proper AppArmor integration in systemd mentioned here: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796589#51, will address your concern ? Meanwhile the debian folks came up with a wrapper unit that I was initially asking for. Couldn't we do the same ?