Comment 34 for bug 1727202

Andrew, you could try adding:

flags=(attach_disconnected)

to the profile attachment line:

/usr/sbin/ntpd flags=(attach_disconnected) {

And add:

/run/systemd/journal/dev-log w,

to the profile, then run:

apparmor_parser --replace /etc/apparmor.d/usr.sbin.ntpd # or whatever the filename is

See if that lets you get useful logs, any new messages in dmesg or auditd logs, etc.

Thanks