[tor-relays] Tor marked as "enforced" process in Apparmor, but also "unconfined"

Christian brightsidedarkside at t-online.de
Wed Nov 14 01:56:19 UTC 2012


Dear fellows,

I use Ubuntu Precise 12.04 and as I run a Bridge, I find the idea of
confining Tor with an Apparmor profile charming.

When upgrading Ubuntu and Tor, the Apparmor stuff seemed to be
automatically worked out, so I deleted my old handmade usr.sbin.tor
profile as I found the new system_tor profile.

When I type "sudo aa-status", I get system_tor as "enforced process"
with its correct process id and there's no process "unconfined, but with
a profile defined".

But when I type "sudo aa-unconfined", /usr/sbin/tor is marked as "not
confined".

So, what about that being charming? Is everything bad? Or good, and it's
just I'm an idiot?

I tried to rename the system_tor profile to usr.sbin.tor and adjusted
its name in the profile itself, but this only results in Tor being
listed under "unconfined processes that have a profile defined" when
typing "sudo aa-status".

Anybody who can see clearly in this issue?

Any help is appreciated and thanks in advance.

christian

P.S.: I really did a "sudo service apparmor reload" ;-)