Comment 13 for bug 1689585

How about suggesting the following to openntpd in Debian then?
Simon would you be so kind and open a bug there if that would find a consensus?

diff --git a/debian/openntpd.preinst b/debian/openntpd.preinst
index 4cb3147..3e55947 100644
--- a/debian/openntpd.preinst
+++ b/debian/openntpd.preinst
@@ -7,6 +7,12 @@ if dpkg-maintscript-helper supports rm_conffile 2>/dev/null; then
     dpkg-maintscript-helper rm_conffile /etc/apparmor.d/usr.sbin.ntpd 1:5.7p4-1 -- "$@"
 fi

+# due to former installations of ntp the system could still have an apparmor
+# loaded at the shared binary path /usr/sbin/ntpd. There are various reasons
+# discussed that dh_appamor nor ntp can unload it. But it could block openntp
+# to work, so remove it unconditionally.
+echo -n /usr/sbin/ntpd > /sys/kernel/security/apparmor/.remove 2>/dev/null || /bin/true
+
 #DEBHELPER#

 exit 0