Comment 1 for bug 1385382

I've thought about this quite a bit and I don't think there is anything we can do in AppArmor for this. The profiles simply need to have an mtime that is earlier than the cache files. Trying to hack around it in scripts trying to guess the state of the system relative to the clock would be brittle. However, adjusting the mtime in the files in /var/lib/apparmor/profiles/*, /etc/apparmor.d/* and /etc/apparmor.d/abstractions/* to be earlier than before the mtime of the cache files would work. This works with device resets and works when the clock is moved forward.