document intentionally broken ExecStop in upstream apparmor.service

2025-08-22 10:07:12 +00:00 · 2021-11-19 20:43:19 +01:00 · 2021-11-19 20:43:19 +01:00 · c4068b6eee
commit c4068b6eee
parent 7d1d20048a
1 changed files with 2 additions and 0 deletions
--- a/AppArmorInSystemd.md
+++ b/AppArmorInSystemd.md
@ -93,6 +93,8 @@ tasks entering the unconfined state. The start will then load new
 policy however all tasks in the system will remain unconfined, only
 tasks start after the start operation will gain the new confinement.

+The upstream `apparmor.service` has intentionally broken `stop`. Using `restart` on distributions that use the upstream unit (for example openSUSE) isn't a problem. However, you'll need to use `aa-teardown` if you really want to unload all AppArmor profiles.
+
 Using systemd to set the apparmor profile/label
 ===============================================