Control: severity -1 normal 1. AppArmor is not enabled by default in Stretch 2. Currently stretch-backports has Linux 4.12 that's compatible with the policy shipped in Stretch, without need for any pinning
⇒ lowering priority. It'll become more important once Linux 4.13+ lands in stretch-backports, but even then IMO that'll remain a normal severity bug because a combination of 2 non-default settings is required to trigger any problem.