Keeping the profiles in the running kernel is by design since there might be processes that are still running under the profile on package removal. dpkg doesn't do anything to guarantee that executables that the package ships aren't running, so we can't reasonably unload the profiles. Marking Won't Fix. If you feel strongly this is in error, please reopen with reasoning why.
** Changed in: apparmor (Ubuntu)
       Status: New => Won't Fix

https://bugs.launchpad.net/bugs/1682055

Title:
  dh_apparmor does not remove profiles(s) when purging package

Status in apparmor package in Ubuntu:
  Won't Fix

Bug description:
  dh_apparmor adds an entry to remove apparmor profiles added by a
  package when purging that package. However, it leaves the profiles
  loaded in the kernel; it should unload them from the kernel before
  removing them from the disk.

  Secondly, dh_apparmor could make life easier for maintainers when
  upgrading packages and the profile changes the name of profiles,
  child profiles, or hats contained within a profile file. Without
  this, the update can leave behind profiles etc. loaded into the
  kernel post a package update. This would ideally need to be
  triggered only when the upgrading package is older than a given
  version.
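
One way to audit a host for the state discussed in this report, as an added example that is not part of the original bug report or of dh_apparmor: it lists profiles that are loaded in the kernel but no longer defined on disk, and the PIDs still confined by a given profile, which is the case the Won't Fix rationale is concerned with. The function names and the temporary file are assumptions of this example.

```shell
#!/bin/sh
# Report AppArmor profiles that are loaded in the kernel but no longer
# defined on disk, and which processes are still confined by a profile.

# strip_mode: drop the trailing " (enforce)" / " (complain)" mode field
# used in the kernel's profile list and in /proc/PID/attr/current.
strip_mode() { sed 's/ ([^()]*)$//'; }

# stale_profiles LOADED KNOWN
#   LOADED: file in the format of /sys/kernel/security/apparmor/profiles
#   KNOWN:  one profile name per line, as defined on disk
# Prints each loaded name (child profiles and hats appear as
# parent//child) that has no definition in KNOWN.
stale_profiles() {
    strip_mode < "$1" | LC_ALL=C sort -u | while IFS= read -r name; do
        grep -Fxq -- "$name" "$2" || printf '%s\n' "$name"
    done
}

# confined_pids PROFILE [PROC_ROOT]
#   Prints the PID of every process whose current confinement is PROFILE.
confined_pids() {
    for f in "${2:-/proc}"/[0-9]*/attr/current; do
        [ -r "$f" ] || continue
        if [ "$(strip_mode < "$f")" = "$1" ]; then
            pid=${f%/attr/current}
            printf '%s\n' "${pid##*/}"
        fi
    done
}

# Live use, as root (known is a temporary file chosen for this example):
#   known=$(mktemp)
#   apparmor_parser -N /etc/apparmor.d > "$known"   # names defined on disk
#   stale_profiles /sys/kernel/security/apparmor/profiles "$known"
#   confined_pids "<name reported above>"
# A stale profile with no confined PIDs can be unloaded by the administrator;
# one that still confines processes is what the maintainer's reply describes.
```

Profiles loaded from directories other than /etc/apparmor.d are also reported as stale by this comparison, so add their names to the known list before acting on the output.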