From 44227c1f974a3c9bbd91ea03f45447e8aa78a78d Mon Sep 17 00:00:00 2001 From: John Johansen Date: Thu, 24 Sep 2020 08:38:50 +0000 Subject: [PATCH] Update AppArmorInSystemd --- AppArmorInSystemd.md | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/AppArmorInSystemd.md b/AppArmorInSystemd.md index 7c6d9b0..c4393f8 100644 --- a/AppArmorInSystemd.md +++ b/AppArmorInSystemd.md @@ -19,10 +19,15 @@ Early policy loads are required to confine systemd, and other early services or ## Early policy loads -Requires +Early policy must be precompiled binary (cache) that matches the kernel being booted and it must be placed in + +``` +/etc/apparmor/earlypolicy +``` + +The cache placed in ```/etc/apparmor/earlypolicy``` is expected to to conform to the per kernel directory hierarchy of regular cache. + -- all policy to be loaded to have precompiled cache that is available during early boot. - - cache must be in a location that is available eg. /etc/apparmor.d/cache or /lib/apparmor/cache. Cache in /var/cache/apparmor/ can NOT be used. ???? - Load is not parallel with other units
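Review bot: The new text under "Early policy loads" names the required path but drops the reason the removed bullets gave: the cache has to be available during early boot, and a cache in /var/cache/apparmor/ can NOT be used. If that restriction still applies, keep one sentence saying so, so readers understand why /etc/apparmor/earlypolicy is mandated and do not point it at the regular cache location. The removed bullets also listed /etc/apparmor.d/cache and /lib/apparmor/cache as usable locations; state whether those are still honoured or whether /etc/apparmor/earlypolicy is now the only one. The phrase "per kernel directory hierarchy of regular cache" is not described anywhere in the visible text, so a short description of the expected layout or a link to the cache documentation would help. Wording in the added lines: "is expected to to conform" has a doubled "to", "must be precompiled binary (cache)" reads better as "must be a precompiled binary (cache)", and the inline path is wrapped in triple backticks where single backticks are enough.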