You are technically correct that the still-loaded profile doesn't match a clean uninstall. However, I have a different opinion on this and thing keeping the profile loaded is the better choice.
Unloading a profile means removing the confinement from running processes. So if a process is still running and (Hi Murphy!) does something bad after being uninstalled and becoming unconfined, you are screwed up. If the profile stays loaded, still running processes stay confined. The disadvantages are a) you waste some bytes in the RAM and b) if you install a different package shipping a binary with the same path, but without an AppArmor profile, it will suffer from the still-loaded profile. Both ways are not perfect, but I really prefer keeping the profile loaded because it does less harm. For comparison: Does the uninstall script also run "killall -9 ntp"? If so, feel free to unload the profile ;-) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1689585 Title: ntp doesn't unload its apparmor profile on purge To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1689585/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
