Keeping the profiles in the running kernel is by design since there
might be processes that are still running under the profile on package
removal. dpkg doesn't do anything to guarantee that executables that the
package ships aren't running, so we can't reasonably unload the
profiles. Marking
I don't care too much about dh_apparmor (EWRONGDISTRO ;-) - but still:
Are you sure that unloading profiles when uninstalling a package is a
good idea? The binary installed by this package could still be running,
and unloading the profile (= unconfining the binary) might be a security
risk. (I
2 matches
Mail list logo
