Comment 7 for bug 1689585

Jamie Strandboge (jdstrand) wrote :

Christian is right and this is precisely why dh_apparmor intentionally does not unload the profile. Marking the apparmor task as Won't Fix since this has been discussed several times in the past (if apparmor upstream wants to revisit, we can open the bug).

The ntp package is still in a position to unload the profile if it desires, so leaving its task open, but I believe this would be a mistake and if done in Ubuntu, I would file a bug requesting the previous behavior.

I don't particularly care for the openntpd kludge, but you can unload a profile that was deleted from disk with:

sudo sh -c 'echo -n /usr/sbin/ntpd > /sys/kernel/security/apparmor/.remove'

(note, the '-n' with echo is important).
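
An added example, not part of the original comment and not code from the apparmor or ntp packages: a small wrapper that first confirms the profile name is listed as loaded, then writes it to .remove with no trailing newline. The function names and the AAFS variable are hypothetical, and printf '%s' stands in for the comment's echo -n.

```shell
#!/bin/sh
# Added example. AAFS defaults to the real apparmor securityfs directory;
# it is a variable only so the logic can be exercised against a constructed
# directory without root.
AAFS="${AAFS:-/sys/kernel/security/apparmor}"

# Return 0 if a profile with exactly this name is currently loaded,
# 1 if it is not, 2 if the profile list cannot be read.
# Lines in $AAFS/profiles look like: "/usr/sbin/ntpd (enforce)"
aa_profile_loaded() {
    [ -r "$AAFS/profiles" ] || return 2
    while IFS= read -r line; do
        # Strip the trailing " (mode)" and compare the whole name, so
        # /usr/sbin/ntp does not match /usr/sbin/ntpd.
        if [ "${line% (*}" = "$1" ]; then
            return 0
        fi
    done < "$AAFS/profiles"
    return 1
}

# Unload a loaded profile by name (hypothetical helper; run as root).
aa_unload_profile() {
    name=$1
    rc=0
    aa_profile_loaded "$name" || rc=$?
    case $rc in
        0) ;;
        1) echo "profile not loaded: $name" >&2; return 1 ;;
        *) echo "cannot read $AAFS/profiles" >&2; return 2 ;;
    esac
    # printf '%s' writes the name with no trailing newline, which is what
    # the '-n' in the echo command above is for.
    printf '%s' "$name" > "$AAFS/.remove" || return 3
}
```

On a real system this would be called as root, for example: aa_unload_profile /usr/sbin/ntpd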