How about suggesting the following to openntpd in Debian then?
Simon would you be so kind and open a bug there if that would find a consensus?
diff --git a/debian/openntpd.preinst b/debian/openntpd.preinst
index 4cb3147..3e55947 100644
--- a/debian/openntpd.preinst
+++ b/debian/openntpd.preinst
@@ -7,6 +7,12 @@ if dpkg-maintscript-helper supports rm_conffile 2>/dev/null; then
dpkg-maintscript-helper rm_conffile /etc/apparmor.d/usr.sbin.ntpd 1:5.7p4-1 -- "$@"
fi
+# due to former installations of ntp the system could still have an apparmor
+# loaded at the shared binary path /usr/sbin/ntpd. There are various reasons
+# discussed that dh_appamor nor ntp can unload it. But it could block openntp
+# to work, so remove it unconditionally.
+echo -n /usr/sbin/ntpd > /sys/kernel/security/apparmor/.remove 2>/dev/null || /bin/true
+
#DEBHELPER#
How about suggesting the following to openntpd in Debian then?
Simon would you be so kind and open a bug there if that would find a consensus?
diff --git a/debian/ openntpd. preinst b/debian/ openntpd. preinst openntpd. preinst openntpd. preinst t-helper supports rm_conffile 2>/dev/null; then maintscript- helper rm_conffile /etc/apparmor. d/usr.sbin. ntpd 1:5.7p4-1 -- "$@"
index 4cb3147..3e55947 100644
--- a/debian/
+++ b/debian/
@@ -7,6 +7,12 @@ if dpkg-maintscrip
dpkg-
fi
+# due to former installations of ntp the system could still have an apparmor security/ apparmor/ .remove 2>/dev/null || /bin/true
+# loaded at the shared binary path /usr/sbin/ntpd. There are various reasons
+# discussed that dh_appamor nor ntp can unload it. But it could block openntp
+# to work, so remove it unconditionally.
+echo -n /usr/sbin/ntpd > /sys/kernel/
+
#DEBHELPER#
exit 0