Ok, I now know the problem. What is happening is that the AppArmor profile for 9.10 added this line to the profile:
/etc/ssl/openssl.cnf r,
On upgrade, the package reloads the profile with (see debian/bind9.postinst):
apparmor_parser -r "$APP_PROFILE" || true
This was fine up until apparmor in 9.10 added cache files (which was after this change was made). When you install apparmor-profiles, it restarts apparmor via the initscript, which regenerates all the cache files. So apparmor-profiles has nothing to do with it-- it just happened to trigger regenerating the cache files.
I believe the fix to be to change the postinst script to have:
apparmor_parser -T -W -r "$APP_PROFILE" || true
This will force writing of the cache and should fix this. LaMont, can you handle this in your next upload for Lucid?
Ok, I now know the problem. What is happening is that the AppArmor profile for 9.10 added this line to the profile: ssl/openssl. cnf r,
/etc/
On upgrade, the package reloads the profile with (see debian/ bind9.postinst) :
apparmor_parser -r "$APP_PROFILE" || true
This was fine up until apparmor in 9.10 added cache files (which was after this change was made). When you install apparmor-profiles, it restarts apparmor via the initscript, which regenerates all the cache files. So apparmor-profiles has nothing to do with it-- it just happened to trigger regenerating the cache files.
I believe the fix to be to change the postinst script to have:
apparmor_parser -T -W -r "$APP_PROFILE" || true
This will force writing of the cache and should fix this. LaMont, can you handle this in your next upload for Lucid?