Great find!
if [ -n “$(lsblk /dev/disk/by-uuid/26ada0c0-1165-4098-884d-aafd2220c2c6 -o RO | grep “1”)” ]; then
Should we run that with sudo then? (And add a /etc/sudoers.d exception for it?)
Or is that futile because that file ought to be restricted by apparmor-profile-everything even for root?