I don't care too much about dh_apparmor (EWRONGDISTRO ;-) - but still:

Are you sure that unloading profiles when uninstalling a package is a
good idea? The binary installed by this package could still be running,
and unloading the profile (= unconfining the binary) might be a security
risk. (I assume there isn't a "killall -9 $binary" in the purge script
;-)

There might be rare cases where keeping a superfluous/deleted profile
loaded causes problems (if another package installs a binary with the
same name), but this is probably a corner case and would qualify as
erroring out on the safe side IMHO.

This basically also applies to renamed profiles - it's better to keep a
superfluous profile loaded than to accidentally unconfine a running
process.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1682055

Title:
  dh_apparmor does not remove profiles(s) when purging package
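
The concern raised above can be checked before a profile is unloaded. The following is an added example, not part of the original message or of dh_apparmor: it lists the processes whose current AppArmor label still names a given profile. The function names and the profile name `/usr/sbin/exampled` are hypothetical, and simple "NAME (MODE)" labels are assumed.

```shell
#!/bin/sh
# Added example: which PIDs are still confined by a given AppArmor profile?
# Assumes simple labels of the form "NAME (MODE)"; stacked or namespaced
# labels are not handled.

# confined_pids PROFILE [PROC_ROOT]
# Prints one PID per line. PROC_ROOT defaults to /proc and is overridable so
# the function can be run against a constructed directory tree.
confined_pids() {
    profile=$1
    root=${2:-/proc}
    for dir in "$root"/[0-9]*; do
        [ -d "$dir" ] || continue
        label=
        # Prefer the AppArmor-specific file where the kernel provides it,
        # fall back to the shared LSM attribute file.
        for f in "$dir/attr/apparmor/current" "$dir/attr/current"; do
            label=$(cat "$f" 2>/dev/null) || label=
            if [ -n "$label" ]; then break; fi
        done
        # "/usr/sbin/exampled (enforce)" -> "/usr/sbin/exampled";
        # "unconfined" has no mode suffix and is left unchanged.
        name=${label% (*}
        if [ "$name" = "$profile" ]; then
            printf '%s\n' "${dir##*/}"
        fi
    done
    return 0
}

# unload_is_safe PROFILE [PROC_ROOT]
# Succeeds only when no process is currently confined by PROFILE.
unload_is_safe() {
    [ -z "$(confined_pids "$@")" ]
}
```

A maintainer script could call `unload_is_safe /usr/sbin/exampled` and leave the profile loaded whenever it fails. Reading other processes' labels under the real /proc generally requires root.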
