Comment 6 for bug 1489859

This is a replacement/remove bug in the kernel. Due to how creds are set up in the kernel profile replacement is best effort, and piecemeal instead of atomic.

There are a few places where old profiles can not be updated or the replacement/removal will fail. There is a kernel patch to improve how this is handled but it is not upstream and will require a custom built kernel.