Code review comment for lp:~sdeziel/apparmor-profiles/unbound-refresh

Seth Arnold (seth-arnold) wrote :

Simon, that's great. Nice job :) Since the error message is essentially harmless, and granting the permissions wouldn't actually allow the unlink anyway (since we're doing the chroot too), I think we can also ignore giving these permissions to unbound. We could add "deny" lines to silence the AppArmor denials but that might mask actual problems if unbound is modified in the future to require these privileges.

So, I propose we skip the new capabilities if we can; the new file rules look sane, adding those sounds like a good idea.

Does that sound fair?

Thanks
