security.apparmor.killUnconfinedConfinables
NixOS option
Whether to enable killing of processes that have an AppArmor profile enabled (in security.apparmor.policies) but are not confined (because AppArmor can only confine new processes). This only sends a graceful SIGTERM signal to the processes, not a SIGKILL. Beware that, due to a current limitation of AppArmor, only profiles with exact paths (and no name) can enable such kills.
Type: boolean
Default: false
Example: true
Declared in: nixos/modules/security/apparmor.nix
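
To preview which processes would receive the SIGTERM before enabling the option, this added example (not code from the NixOS module) lists processes that run unconfined although a loaded profile is named exactly after their executable path. It assumes that this exact-path match is what makes a process confinable; the function name and its two arguments are hypothetical.

```shell
#!/bin/sh
# Dry run: report, but never signal, "unconfined confinables".
#
# list_unconfined_confinables PROFILES_FILE PROC_ROOT
#   PROFILES_FILE  list of loaded profiles, one "name (mode)" per line,
#                  as exposed by /sys/kernel/security/apparmor/profiles
#   PROC_ROOT      a procfs mount, normally /proc
# Prints "PID EXE" for every process whose label is "unconfined" while a
# loaded profile carries exactly its executable path as name.
list_unconfined_confinables() {
    profiles=$1
    proc=$2
    for dir in "$proc"/[0-9]*; do
        # Skip entries that vanished or that we may not read.
        [ -r "$dir/attr/current" ] || continue
        label=$(cat "$dir/attr/current" 2>/dev/null) || continue

        # Confined processes report "profile (mode)"; they need no restart.
        [ "$label" = "unconfined" ] || continue

        # Kernel threads have no exe link; readlink fails for them.
        exe=$(readlink "$dir/exe" 2>/dev/null) || continue

        # Strip the trailing " (mode)" and require a whole-line, fixed-string
        # match. Profiles with a name instead of a path (e.g. "firefox") can
        # never equal an absolute executable path, so they are not reported.
        if sed 's/ ([a-z]*)$//' "$profiles" | grep -Fxq -- "$exe"; then
            echo "${dir##*/} $exe"
        fi
    done
}

# Typical invocation on a live system (reading the profile list needs root):
#   list_unconfined_confinables /sys/kernel/security/apparmor/profiles /proc
```

An empty result means no running process would be signalled; processes whose executable was replaced on disk show up in procfs with a " (deleted)" suffix and are therefore not matched by this check.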