Browse code

Merge branch 'master' of https://github.com/vmware/photon

archive authored on 2018/09/14 23:30:26
Showing 146 changed files
1 1
new file mode 100644
... ...
@@ -0,0 +1,19 @@
0
+### Project Manager
1
+* [Sharath George, @sharathjg](https://github.com/sharathjg)
2
+
3
+### Developers
4
+* [Ajay Kaher, @akaher](https://github.com/akaher)
5
+* [Alexey Makhalov, @YustasSwamp](https://github.com/YustasSwamp)
6
+* [Anish Swaminathan, @suezzelur](https://github.com/suezzelur)
7
+* [Ankit Jain, @jaankit](https://github.com/jaankit)
8
+* [Bo Gan, @ganboing](https://github.com/ganboing)
9
+* [Dheeraj Shetty, @DheerajSShetty](https://github.com/DheerajSShetty)
10
+* [Dweep Advani, @dweepadvani](https://github.com/dweepadvani)
11
+* [Him Bordoloi, @bordoloih](https://github.com/bordoloih)
12
+* [Keerthana K, @keerthanakalyan](https://github.com/keerthanakalyan)
13
+* [Michelle Wang, @michellew-vmware](https://github.com/michellew-vmware)
14
+* [Siju Maliakkal, @smaliakkal](https://github.com/smaliakkal)
15
+* [Srinidhi Rao, @srinidhira0](https://github.com/srinidhira0)
16
+* [Sriram Nambakam, @snambakam](https://github.com/snambakam)
17
+* [Srivatsa Bhat, @srivatsabhat](https://github.com/srivatsabhat)
18
+* [Tapas Kundu, @tapakund](https://github.com/tapakund)
... ...
@@ -1,20 +1,58 @@
1 1
 ![Photon](http://storage.googleapis.com/project-photon/vmw-logo-photon.svg "VMware Photon")
2 2
 
3
-**Welcome to VMware Photon OS: Linux Container Host**
4

                
3
+# Photon OS: Linux Container Host
5 4
 
6
-This repository is intended for developers who want to modify Photon and build their own customized ISO images or contribute to the code base.
5
+### Contents
6
+- [What is Photon OS](#what-is-photon)
7
+- [Getting Photon OS](#getting-photon)
8
+- [Getting Started](#getting-started)
9
+- [Contributing](#contributing)
10
+- [License](#license)
11
+- [Photon OS Resources](#resources)
7 12
 
8
-**Photon OS 2.0 is here!**
13
+## What is Photon OS?
14
+Photon OS™ is an open source Linux container host optimized for cloud-native applications, cloud platforms, and VMware infrastructure. Photon OS provides a secure run-time environment for efficiently running containers. Some of the key highlights of Photon OS are:
15
+
16
+- **Optimized for VMware hypervisor:** The Linux kernel is tuned for performance when Photon OS runs on VMware ESXi.
17
+
18
+- **Support for containers:** Photon OS includes the Docker daemon and works with container orchestration frameworks, such as Mesos and Kubernetes.
19
+
20
+- **Efficient lifecycle management:** Photon OS is easy to manage, patch, and update, using the [tdnf package manager](https://github.com/vmware/photon/blob/master/docs/photon-admin-guide.md#tiny-dnf-for-package-management) and the [Photon Management Daemon (pmd)](https://github.com/vmware/pmd).
21
+
22
+- **Security hardened:** Photon OS provides secure and up-to-date kernel and other packages, and its policies are designed to govern the system securely.
23
+
24
+For an overview of Photon OS, see [https://vmware.github.io/photon/](https://vmware.github.io/photon/)
25
+
26
+## Getting Photon OS
27
+
28
+Photon OS binaries are available in a number of formats, including ISO, OVA and cloud images such as Amazon AMI, Google Cloud GCE image and Azure VHD.
29
+
30
+For download instructions and links to Photon OS binaries, go to the [Download Guide](https://github.com/vmware/photon/wiki/Downloading-Photon-OS).
31
+
32
+*Photon OS 2.0 is here!*
9 33
 --------------------------
10 34
 Photon OS 2.0 introduces new security and OS management capabilities, along with new and updated packages for Cloud native applications and VMware appliances. 
11 35
 
12
-- For download instructions and links to Photon OS binaries, go to the [Download Guide in the github wiki](https://github.com/vmware/photon/wiki/Downloading-Photon-OS).
13
-- For an overview of changes, see [What's New in Photon OS 2.0 in the github wiki](https://github.com/vmware/photon/wiki/What-is-New-in-Photon-OS-2.0).
36
+For an overview of changes, see [What's New in Photon OS 2.0](https://github.com/vmware/photon/wiki/What-is-New-in-Photon-OS-2.0).
37
+
38
+## Getting Started
39
+Begin your Photon OS journey by browsing our extensive guides on getting started in the [Photon OS Wiki](https://github.com/vmware/photon/wiki).
40
+
41
+## Contributing
42
+The Photon OS project team welcomes contributions from the community.
43
+
44
+If you wish to contribute code and you have not signed our Contributor License Agreement (CLA), our CLA-bot will take you through the process and update the issue when you open a [Pull Request](https://help.github.com/articles/creating-a-pull-request). If you have questions about the CLA process, see our CLA [FAQ](https://cla.vmware.com/faq) or contact us through the GitHub issue tracker.
45
+
46
+To help you get started making contributions to Photon OS, we have collected some helpful best practices in the [Contributing guidelines](https://github.com/vmware/photon/blob/master/contributing.md).
47
+
48
+Before you start to code, we recommend discussing your plans through a GitHub issue or discuss it first with the official project [maintainers](https://github.com/vmware/photon/blob/dev/AUTHORS.md) via the [#photon Slack Channel](https://vmwarecode.slack.com/messages/photon/), especially for more ambitious contributions. This gives other contributors a chance to point you in the right direction, give you feedback on your design, and help you find out if someone else is working on the same thing.
49
+
50
+## License
51
+The Photon OS ISO and OVA images are distributed under the [Photon OS EULA](https://github.com/vmware/photon/blob/2.0/installer/EULA.txt).
52
+
53
+With the exception of the 'libtdnf' source code, Photon OS source code is distributed under GNU GPL v2. The 'libtdnf' source code is distributed under GNU LGPL v2.1. For more details, please refer to the [Photon OS Open Source License file](https://github.com/vmware/photon/blob/master/COPYING).
14 54
 
15
-**Photon OS Resources**
55
+## Photon OS Resources
16 56
 
17 57
 - **Documentation**: See the [Docs](docs/) folder.
18 58
 - **Security Updates**: Visit [Security-Advisories](https://github.com/vmware/photon/wiki/Security-Advisories).
19 59
new file mode 100644
... ...
@@ -0,0 +1,12 @@
0
+diff -Naur apparmor-2.13/parser/apparmor.service apparmor-2.13-mod/parser/apparmor.service
1
+--- apparmor-2.13/parser/apparmor.service	2018-04-15 19:18:53.000000000 +0530
2
+@@ -9,7 +9,7 @@
3
+ 
4
+ [Service]
5
+ Type=oneshot
6
+-ExecStart=/lib/apparmor/apparmor.systemd reload
7
++ExecStart=/lib/apparmor/apparmor.systemd start
8
+ ExecReload=/lib/apparmor/apparmor.systemd reload
9
+ 
10
+ # systemd maps 'restart' to 'stop; start' which means removing AppArmor confinement
0 11
new file mode 100644
... ...
@@ -0,0 +1,1743 @@
0
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/bin.netstat apparmor-2.13-mod/profiles/apparmor/profiles/extras/bin.netstat
1
+--- apparmor-2.13/profiles/apparmor/profiles/extras/bin.netstat	2018-04-15 19:18:53.000000000 +0530
2
+@@ -15,7 +15,7 @@
3
+ 
4
+ #include <tunables/global>
5
+ 
6
+-profile netstat /{usr/,}bin/netstat {
7
++profile netstat /{usr/,}bin/netstat flags=(complain) {
8
+   #include <abstractions/base>
9
+   #include <abstractions/consoles>
10
+   #include <abstractions/nameservice>
11
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/etc.cron.daily.logrotate apparmor-2.13-mod/profiles/apparmor/profiles/extras/etc.cron.daily.logrotate
12
+--- apparmor-2.13/profiles/apparmor/profiles/extras/etc.cron.daily.logrotate	2018-04-15 19:18:53.000000000 +0530
13
+@@ -13,7 +13,7 @@
14
+ 
15
+ #include <tunables/global>
16
+ 
17
+-/etc/cron.daily/logrotate {
18
++/etc/cron.daily/logrotate flags=(complain) {
19
+   #include <abstractions/base>
20
+   #include <abstractions/bash>
21
+   #include <abstractions/nameservice>
22
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/etc.cron.daily.slocate.cron apparmor-2.13-mod/profiles/apparmor/profiles/extras/etc.cron.daily.slocate.cron
23
+--- apparmor-2.13/profiles/apparmor/profiles/extras/etc.cron.daily.slocate.cron	2018-04-15 19:18:53.000000000 +0530
24
+@@ -14,7 +14,7 @@
25
+ 
26
+ #include <tunables/global>
27
+ 
28
+-/etc/cron.daily/slocate.cron {
29
++/etc/cron.daily/slocate.cron flags=(complain) {
30
+   #include <abstractions/base>
31
+   /{usr/,}bin/bash                 mixr,
32
+   /dev/tty                         wr  ,
33
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/etc.cron.daily.tmpwatch apparmor-2.13-mod/profiles/apparmor/profiles/extras/etc.cron.daily.tmpwatch
34
+--- apparmor-2.13/profiles/apparmor/profiles/extras/etc.cron.daily.tmpwatch	2018-04-15 19:18:53.000000000 +0530
35
+@@ -10,7 +10,7 @@
36
+ 
37
+ #include <tunables/global>
38
+ 
39
+-/etc/cron.daily/tmpwatch {
40
++/etc/cron.daily/tmpwatch flags=(complain) {
41
+   #include <abstractions/base>
42
+   /etc/cron.daily/tmpwatch  r,
43
+   /tmp                      r,
44
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/sbin.dhclient apparmor-2.13-mod/profiles/apparmor/profiles/extras/sbin.dhclient
45
+--- apparmor-2.13/profiles/apparmor/profiles/extras/sbin.dhclient	2018-04-15 19:18:53.000000000 +0530
46
+@@ -21,7 +21,7 @@
47
+ 
48
+ #include <tunables/global>
49
+ 
50
+-profile dhclient /{usr/,}sbin/dhclient {
51
++profile dhclient /{usr/,}sbin/dhclient flags=(complain) {
52
+   #include <abstractions/base>
53
+   #include <abstractions/bash>
54
+   #include <abstractions/nameservice>
55
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/sbin.dhclient-script apparmor-2.13-mod/profiles/apparmor/profiles/extras/sbin.dhclient-script
56
+--- apparmor-2.13/profiles/apparmor/profiles/extras/sbin.dhclient-script	2018-04-15 19:18:53.000000000 +0530
57
+@@ -4,7 +4,7 @@
58
+ # dhclient-script will call plugins from /etc/netconfig.d, so this
59
+ # will need to be extended on a per-site basis.
60
+ 
61
+-profile dhclient-script /{usr/,}sbin/dhclient-script {
62
++profile dhclient-script /{usr/,}sbin/dhclient-script flags=(complain) {
63
+   #include <abstractions/base>
64
+   #include <abstractions/bash>
65
+   #include <abstractions/consoles>
66
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/sbin.dhcpcd apparmor-2.13-mod/profiles/apparmor/profiles/extras/sbin.dhcpcd
67
+--- apparmor-2.13/profiles/apparmor/profiles/extras/sbin.dhcpcd	2018-04-15 19:18:53.000000000 +0530
68
+@@ -18,7 +18,7 @@
69
+ 
70
+ #include <tunables/global>
71
+ 
72
+-profile dhcpcd /{usr/,}sbin/dhcpcd {
73
++profile dhcpcd /{usr/,}sbin/dhcpcd flags=(complain) {
74
+   #include <abstractions/base>
75
+   #include <abstractions/nameservice>
76
+ 
77
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/sbin.portmap apparmor-2.13-mod/profiles/apparmor/profiles/extras/sbin.portmap
78
+--- apparmor-2.13/profiles/apparmor/profiles/extras/sbin.portmap	2018-04-15 19:18:53.000000000 +0530
79
+@@ -10,7 +10,7 @@
80
+ 
81
+ #include <tunables/global>
82
+ 
83
+-profile portmap /{usr/,}sbin/portmap {
84
++profile portmap /{usr/,}sbin/portmap flags=(complain) {
85
+   #include <abstractions/base>
86
+   #include <abstractions/nameservice>
87
+ 
88
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/sbin.resmgrd apparmor-2.13-mod/profiles/apparmor/profiles/extras/sbin.resmgrd
89
+--- apparmor-2.13/profiles/apparmor/profiles/extras/sbin.resmgrd	2018-04-15 19:18:53.000000000 +0530
90
+@@ -12,7 +12,7 @@
91
+ 
92
+ #include <tunables/global>
93
+ 
94
+-profile resmgrd /{usr/,}sbin/resmgrd {
95
++profile resmgrd /{usr/,}sbin/resmgrd flags=(complain) {
96
+   #include <abstractions/base>
97
+   #include <abstractions/nameservice>
98
+ 
99
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/sbin.rpc.lockd apparmor-2.13-mod/profiles/apparmor/profiles/extras/sbin.rpc.lockd
100
+--- apparmor-2.13/profiles/apparmor/profiles/extras/sbin.rpc.lockd	2018-04-15 19:18:53.000000000 +0530
101
+@@ -10,7 +10,7 @@
102
+ 
103
+ #include <tunables/global>
104
+ 
105
+-profile rpc.lockd /{usr/,}sbin/rpc.lockd {
106
++profile rpc.lockd /{usr/,}sbin/rpc.lockd flags=(complain) {
107
+   #include <abstractions/base>
108
+   /{usr/,}sbin/rpc.lockd	rmix,
109
+ }
110
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/sbin.rpc.statd apparmor-2.13-mod/profiles/apparmor/profiles/extras/sbin.rpc.statd
111
+--- apparmor-2.13/profiles/apparmor/profiles/extras/sbin.rpc.statd	2018-04-15 19:18:53.000000000 +0530
112
+@@ -10,7 +10,7 @@
113
+ 
114
+ #include <tunables/global>
115
+ 
116
+-profile rpc.statd /{usr/,}sbin/rpc.statd {
117
++profile rpc.statd /{usr/,}sbin/rpc.statd flags=(complain) {
118
+   #include <abstractions/base>
119
+   #include <abstractions/nameservice>
120
+   /etc/rpc                         r,
121
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.acroread apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.bin.acroread
122
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.acroread	2018-04-15 19:18:53.000000000 +0530
123
+@@ -12,7 +12,7 @@
124
+ 
125
+ #include <tunables/global>
126
+ 
127
+-/usr/X11R6/bin/acroread {
128
++/usr/X11R6/bin/acroread flags=(complain) {
129
+   #include <abstractions/base>
130
+   #include <abstractions/bash>
131
+   #include <abstractions/consoles>
132
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.apropos apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.bin.apropos
133
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.apropos	2018-04-15 19:18:53.000000000 +0530
134
+@@ -10,7 +10,7 @@
135
+ 
136
+ #include <tunables/global>
137
+ 
138
+-/usr/bin/apropos {
139
++/usr/bin/apropos flags=(complain) {
140
+   #include <abstractions/base>
141
+   #include <abstractions/bash>
142
+   #include <abstractions/consoles>
143
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.evolution-2.10 apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.bin.evolution-2.10
144
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.evolution-2.10	2018-04-15 19:18:53.000000000 +0530
145
+@@ -40,7 +40,7 @@
146
+ 
147
+ #include <tunables/global>
148
+ 
149
+-/usr/bin/evolution-2.10 {
150
++/usr/bin/evolution-2.10 flags=(complain) {
151
+   #include <abstractions/base>
152
+   #include <abstractions/bash>
153
+   #include <abstractions/consoles>
154
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.fam apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.bin.fam
155
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.fam	2018-04-15 19:18:53.000000000 +0530
156
+@@ -10,7 +10,7 @@
157
+ 
158
+ #include <tunables/global>
159
+ 
160
+-/usr/bin/fam {
161
++/usr/bin/fam flags=(complain) {
162
+   #include <abstractions/base>
163
+   #include <abstractions/nameservice>
164
+   /tmp/.fam*		wl,
165
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.freshclam apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.bin.freshclam
166
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.freshclam	2018-04-15 19:18:53.000000000 +0530
167
+@@ -10,7 +10,7 @@
168
+ 
169
+ #include <tunables/global>
170
+ 
171
+-/usr/bin/freshclam {
172
++/usr/bin/freshclam flags=(complain) {
173
+   #include <abstractions/base>
174
+   #include <abstractions/consoles>
175
+   #include <abstractions/nameservice>
176
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.gaim apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.bin.gaim
177
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.gaim	2018-04-15 19:18:53.000000000 +0530
178
+@@ -12,7 +12,7 @@
179
+ 
180
+ #include <tunables/global>
181
+ 
182
+-/usr/bin/gaim {
183
++/usr/bin/gaim flags=(complain) {
184
+   #include <abstractions/audio>
185
+   #include <abstractions/base>
186
+   #include <abstractions/bash>
187
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.man apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.bin.man
188
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.man	2018-04-15 19:18:53.000000000 +0530
189
+@@ -14,7 +14,7 @@
190
+ 
191
+ #include <tunables/global>
192
+ 
193
+-/usr/bin/man {
194
++/usr/bin/man flags=(complain) {
195
+   #include <abstractions/base>
196
+   #include <abstractions/nameservice>
197
+ 
198
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.mlmmj-bounce apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.bin.mlmmj-bounce
199
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.mlmmj-bounce	2018-04-15 19:18:53.000000000 +0530
200
+@@ -12,7 +12,7 @@
201
+ 
202
+ #include <tunables/global>
203
+ 
204
+-/usr/bin/mlmmj-bounce {
205
++/usr/bin/mlmmj-bounce flags=(complain) {
206
+   #include <abstractions/base>
207
+ 
208
+   /usr/bin/mlmmj-bounce mr,
209
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.mlmmj-maintd apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.bin.mlmmj-maintd
210
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.mlmmj-maintd	2018-04-15 19:18:53.000000000 +0530
211
+@@ -12,7 +12,7 @@
212
+ 
213
+ #include <tunables/global>
214
+ 
215
+-/usr/bin/mlmmj-maintd {
216
++/usr/bin/mlmmj-maintd flags=(complain) {
217
+   #include <abstractions/base>
218
+ 
219
+   capability setuid,
220
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.mlmmj-make-ml.sh apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.bin.mlmmj-make-ml.sh
221
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.mlmmj-make-ml.sh	2018-04-15 19:18:53.000000000 +0530
222
+@@ -11,7 +11,7 @@
223
+ 
224
+ #include <tunables/global>
225
+ 
226
+-/usr/bin/mlmmj-make-ml.sh {
227
++/usr/bin/mlmmj-make-ml.sh flags=(complain) {
228
+   #include <abstractions/base>
229
+   #include <abstractions/bash>
230
+   #include <abstractions/consoles>
231
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.mlmmj-process apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.bin.mlmmj-process
232
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.mlmmj-process	2018-04-15 19:18:53.000000000 +0530
233
+@@ -12,7 +12,7 @@
234
+ 
235
+ #include <tunables/global>
236
+ 
237
+-/usr/bin/mlmmj-process {
238
++/usr/bin/mlmmj-process flags=(complain) {
239
+   #include <abstractions/base>
240
+ 
241
+   /usr/bin/mlmmj-process mr,
242
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.mlmmj-receive apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.bin.mlmmj-receive
243
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.mlmmj-receive	2018-04-15 19:18:53.000000000 +0530
244
+@@ -12,7 +12,7 @@
245
+ 
246
+ #include <tunables/global>
247
+ 
248
+-/usr/bin/mlmmj-receive {
249
++/usr/bin/mlmmj-receive flags=(complain) {
250
+   #include <abstractions/base>
251
+ 
252
+   /usr/bin/mlmmj-process Px,
253
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.mlmmj-recieve apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.bin.mlmmj-recieve
254
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.mlmmj-recieve	2018-04-15 19:18:53.000000000 +0530
255
+@@ -16,7 +16,7 @@
256
+ 
257
+ #include <tunables/global>
258
+ 
259
+-/usr/bin/mlmmj-recieve {
260
++/usr/bin/mlmmj-recieve flags=(complain) {
261
+   #include <abstractions/base>
262
+ 
263
+   /usr/bin/mlmmj-process Px,
264
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.mlmmj-send apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.bin.mlmmj-send
265
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.mlmmj-send	2018-04-15 19:18:53.000000000 +0530
266
+@@ -12,7 +12,7 @@
267
+ 
268
+ #include <tunables/global>
269
+ 
270
+-/usr/bin/mlmmj-send {
271
++/usr/bin/mlmmj-send flags=(complain) {
272
+   #include <abstractions/base>
273
+   #include <abstractions/nameservice>
274
+ 
275
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.mlmmj-sub apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.bin.mlmmj-sub
276
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.mlmmj-sub	2018-04-15 19:18:53.000000000 +0530
277
+@@ -12,7 +12,7 @@
278
+ 
279
+ #include <tunables/global>
280
+ 
281
+-/usr/bin/mlmmj-sub {
282
++/usr/bin/mlmmj-sub flags=(complain) {
283
+   #include <abstractions/base>
284
+ 
285
+   capability setuid,
286
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.mlmmj-unsub apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.bin.mlmmj-unsub
287
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.mlmmj-unsub	2018-04-15 19:18:53.000000000 +0530
288
+@@ -12,7 +12,7 @@
289
+ 
290
+ #include <tunables/global>
291
+ 
292
+-/usr/bin/mlmmj-unsub {
293
++/usr/bin/mlmmj-unsub flags=(complain) {
294
+   #include <abstractions/base>
295
+ 
296
+   /usr/bin/mlmmj-unsub mr,
297
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.opera apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.bin.opera
298
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.opera	2018-04-15 19:18:53.000000000 +0530
299
+@@ -10,7 +10,7 @@
300
+ # vim:syntax=apparmor
301
+ 
302
+ #include <tunables/global>
303
+-/usr/bin/opera {
304
++/usr/bin/opera flags=(complain) {
305
+   #include <abstractions/base>
306
+   #include <abstractions/bash>
307
+   #include <abstractions/consoles>
308
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.passwd apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.bin.passwd
309
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.passwd	2018-04-15 19:18:53.000000000 +0530
310
+@@ -11,7 +11,7 @@
311
+ 
312
+ #include <tunables/global>
313
+ 
314
+-/usr/bin/passwd {
315
++/usr/bin/passwd flags=(complain) {
316
+   #include <abstractions/authentication>
317
+   #include <abstractions/base>
318
+   #include <abstractions/consoles>
319
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.procmail apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.bin.procmail
320
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.procmail	2018-04-15 19:18:53.000000000 +0530
321
+@@ -10,7 +10,7 @@
322
+ 
323
+ #include <tunables/global>
324
+ 
325
+-/usr/bin/procmail {
326
++/usr/bin/procmail flags=(complain) {
327
+   #include <abstractions/base>
328
+   #include <abstractions/bash>
329
+   #include <abstractions/nameservice>
330
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.spamc apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.bin.spamc
331
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.spamc	2018-04-15 19:18:53.000000000 +0530
332
+@@ -12,7 +12,7 @@
333
+ 
334
+ #include <tunables/global>
335
+ 
336
+-/usr/bin/spamc {
337
++/usr/bin/spamc flags=(complain) {
338
+   #include <abstractions/base>
339
+   #include <abstractions/nameservice>
340
+ 
341
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.svnserve apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.bin.svnserve
342
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.svnserve	2018-04-15 19:18:53.000000000 +0530
343
+@@ -10,7 +10,7 @@
344
+ 
345
+ #include <tunables/global>
346
+ 
347
+-/usr/bin/svnserve {
348
++/usr/bin/svnserve flags=(complain) {
349
+   #include <abstractions/base>
350
+   #include <abstractions/nameservice>
351
+ 
352
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.wireshark apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.bin.wireshark
353
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.wireshark	2018-04-15 19:18:53.000000000 +0530
354
+@@ -12,7 +12,7 @@
355
+ 
356
+ #include <tunables/global>
357
+ 
358
+-/usr/bin/wireshark {
359
++/usr/bin/wireshark flags=(complain) {
360
+   #include <abstractions/base>
361
+   #include <abstractions/bash>
362
+   #include <abstractions/consoles>
363
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.xfs apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.bin.xfs
364
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.bin.xfs	2018-04-15 19:18:53.000000000 +0530
365
+@@ -10,7 +10,7 @@
366
+ 
367
+ #include <tunables/global>
368
+ 
369
+-/usr/bin/xfs {
370
++/usr/bin/xfs flags=(complain) {
371
+   #include <abstractions/base>
372
+   #include <abstractions/nameservice>
373
+ 
374
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib64.GConf.2.gconfd-2 apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib64.GConf.2.gconfd-2
375
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib64.GConf.2.gconfd-2	2018-04-15 19:18:53.000000000 +0530
376
+@@ -12,7 +12,7 @@
377
+ 
378
+ #include <tunables/global>
379
+ 
380
+-/usr/lib64/GConf/2/gconfd-2 {
381
++/usr/lib64/GConf/2/gconfd-2 flags=(complain) {
382
+   #include <abstractions/base>
383
+   #include <abstractions/nameservice>
384
+   #include <abstractions/user-tmp>
385
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.bonobo.bonobo-activation-server apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.bonobo.bonobo-activation-server
386
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.bonobo.bonobo-activation-server	2018-04-15 19:18:53.000000000 +0530
387
+@@ -12,7 +12,7 @@
388
+ 
389
+ #include <tunables/global>
390
+ 
391
+-/usr/lib/bonobo/bonobo-activation-server {
392
++/usr/lib/bonobo/bonobo-activation-server flags=(complain) {
393
+   #include <abstractions/base>
394
+   #include <abstractions/nameservice>
395
+   #include <abstractions/user-tmp>
396
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.evolution-data-server.evolution-data-server-1.10 apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.evolution-data-server.evolution-data-server-1.10
397
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.evolution-data-server.evolution-data-server-1.10	2018-04-15 19:18:53.000000000 +0530
398
+@@ -12,7 +12,7 @@
399
+ 
400
+ #include <tunables/global>
401
+ 
402
+-/usr/lib/evolution-data-server/evolution-data-server-1.10 {
403
++/usr/lib/evolution-data-server/evolution-data-server-1.10 flags=(complain) {
404
+   #include <abstractions/base>
405
+   #include <abstractions/nameservice>
406
+   #include <abstractions/user-tmp>
407
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.firefox.firefox apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.firefox.firefox
408
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.firefox.firefox	2018-04-15 19:18:53.000000000 +0530
409
+@@ -16,7 +16,7 @@
410
+ #  /usr/lib/firefox-4.0b8/firefox
411
+ # but not:
412
+ #  /usr/lib/firefox-4.0b8/firefox.sh
413
+-/usr/lib/firefox{,-[0-9]*}/firefox{,*[^s][^h]} {
414
++/usr/lib/firefox{,-[0-9]*}/firefox{,*[^s][^h]} flags=(complain) {
415
+   #include <abstractions/audio>
416
+   #include <abstractions/cups-client>
417
+   #include <abstractions/dbus-session>
418
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.firefox.firefox.sh apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.firefox.firefox.sh
419
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.firefox.firefox.sh	2018-04-15 19:18:53.000000000 +0530
420
+@@ -1,7 +1,7 @@
421
+ # Last Modified: Wed Nov  5 03:32:59 2008
422
+ #include <tunables/global>
423
+ 
424
+-/usr/lib/firefox/firefox.sh {
425
++/usr/lib/firefox/firefox.sh flags=(complain) {
426
+   #include <abstractions/base>
427
+   #include <abstractions/bash>
428
+   #include <abstractions/consoles>
429
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.firefox.mozilla-xremote-client apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.firefox.mozilla-xremote-client
430
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.firefox.mozilla-xremote-client	2018-04-15 19:18:53.000000000 +0530
431
+@@ -12,7 +12,7 @@
432
+ 
433
+ #include <tunables/global>
434
+ 
435
+-/usr/lib/firefox/mozilla-xremote-client {
436
++/usr/lib/firefox/mozilla-xremote-client flags=(complain) {
437
+   #include <abstractions/base>
438
+   #include <abstractions/X>
439
+ 
440
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.GConf.2.gconfd-2 apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.GConf.2.gconfd-2
441
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.GConf.2.gconfd-2	2018-04-15 19:18:53.000000000 +0530
442
+@@ -12,7 +12,7 @@
443
+ 
444
+ #include <tunables/global>
445
+ 
446
+-/usr/lib/GConf/2/gconfd-2 {
447
++/usr/lib/GConf/2/gconfd-2 flags=(complain) {
448
+   #include <abstractions/base>
449
+   #include <abstractions/nameservice>
450
+   #include <abstractions/user-tmp>
451
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.man-db.man apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.man-db.man
452
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.man-db.man	2018-04-15 19:18:53.000000000 +0530
453
+@@ -11,7 +11,7 @@
454
+ 
455
+ #include <tunables/global>
456
+ 
457
+-/usr/lib/man-db/man {
458
++/usr/lib/man-db/man flags=(complain) {
459
+   #include <abstractions/base>
460
+   #include <abstractions/bash>
461
+   #include <abstractions/consoles>
462
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.anvil apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.postfix.anvil
463
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.anvil	2018-04-15 19:18:53.000000000 +0530
464
+@@ -10,7 +10,7 @@
465
+ 
466
+ #include <tunables/global>
467
+ 
468
+-/usr/lib/postfix/anvil {
469
++/usr/lib/postfix/anvil flags=(complain) {
470
+   #include <abstractions/base>
471
+   #include <abstractions/nameservice>
472
+   #include <abstractions/postfix-common>
473
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.bounce apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.postfix.bounce
474
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.bounce	2018-04-15 19:18:53.000000000 +0530
475
+@@ -10,7 +10,7 @@
476
+ 
477
+ #include <tunables/global>
478
+ 
479
+-/usr/lib/postfix/bounce {
480
++/usr/lib/postfix/bounce flags=(complain) {
481
+   #include <abstractions/base>
482
+   #include <abstractions/nameservice>
483
+   #include <abstractions/postfix-common>
484
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.cleanup apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.postfix.cleanup
485
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.cleanup	2018-04-15 19:18:53.000000000 +0530
486
+@@ -10,7 +10,7 @@
487
+ 
488
+ #include <tunables/global>
489
+ 
490
+-/usr/lib/postfix/cleanup {
491
++/usr/lib/postfix/cleanup flags=(complain) {
492
+   #include <abstractions/base>
493
+   #include <abstractions/nameservice>
494
+   #include <abstractions/postfix-common>
495
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.discard apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.postfix.discard
496
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.discard	2018-04-15 19:18:53.000000000 +0530
497
+@@ -11,7 +11,7 @@
498
+ 
499
+ #include <tunables/global>
500
+ 
501
+-/usr/lib/postfix/discard {
502
++/usr/lib/postfix/discard flags=(complain) {
503
+   #include <abstractions/base>
504
+ 
505
+   /usr/lib/postfix/discard rmix,
506
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.error apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.postfix.error
507
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.error	2018-04-15 19:18:53.000000000 +0530
508
+@@ -11,7 +11,7 @@
509
+ 
510
+ #include <tunables/global>
511
+ 
512
+-/usr/lib/postfix/error {
513
++/usr/lib/postfix/error flags=(complain) {
514
+   #include <abstractions/base>
515
+   #include <abstractions/nameservice>
516
+   #include <abstractions/postfix-common>
517
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.flush apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.postfix.flush
518
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.flush	2018-04-15 19:18:53.000000000 +0530
519
+@@ -10,7 +10,7 @@
520
+ 
521
+ #include <tunables/global>
522
+ 
523
+-/usr/lib/postfix/flush {
524
++/usr/lib/postfix/flush flags=(complain) {
525
+   #include <abstractions/base>
526
+   #include <abstractions/nameservice>
527
+   #include <abstractions/postfix-common>
528
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.lmtp apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.postfix.lmtp
529
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.lmtp	2018-04-15 19:18:53.000000000 +0530
530
+@@ -11,7 +11,7 @@
531
+ 
532
+ #include <tunables/global>
533
+ 
534
+-/usr/lib/postfix/lmtp {
535
++/usr/lib/postfix/lmtp flags=(complain) {
536
+   #include <abstractions/base>
537
+   #include <abstractions/nameservice>
538
+   #include <abstractions/postfix-common>
539
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.local apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.postfix.local
540
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.local	2018-04-15 19:18:53.000000000 +0530
541
+@@ -10,7 +10,7 @@
542
+ 
543
+ #include <tunables/global>
544
+ 
545
+-/usr/lib/postfix/local {
546
++/usr/lib/postfix/local flags=(complain) {
547
+   #include <abstractions/base>
548
+   #include <abstractions/bash>
549
+   #include <abstractions/nameservice>
550
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.master apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.postfix.master
551
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.master	2018-04-15 19:18:53.000000000 +0530
552
+@@ -10,7 +10,7 @@
553
+ 
554
+ #include <tunables/global>
555
+ 
556
+-/usr/lib/postfix/master {
557
++/usr/lib/postfix/master flags=(complain) {
558
+   #include <abstractions/base>
559
+   #include <abstractions/nameservice>
560
+   #include <abstractions/postfix-common>
561
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.nqmgr apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.postfix.nqmgr
562
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.nqmgr	2018-04-15 19:18:53.000000000 +0530
563
+@@ -10,7 +10,7 @@
564
+ 
565
+ #include <tunables/global>
566
+ 
567
+-/usr/lib/postfix/nqmgr {
568
++/usr/lib/postfix/nqmgr flags=(complain) {
569
+   #include <abstractions/base>
570
+   #include <abstractions/nameservice>
571
+   #include <abstractions/postfix-common>
572
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.oqmgr apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.postfix.oqmgr
573
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.oqmgr	2018-04-15 19:18:53.000000000 +0530
574
+@@ -11,7 +11,7 @@
575
+ 
576
+ #include <tunables/global>
577
+ 
578
+-/usr/lib/postfix/oqmgr {
579
++/usr/lib/postfix/oqmgr flags=(complain) {
580
+   #include <abstractions/base>
581
+   #include <abstractions/nameservice>
582
+   #include <abstractions/postfix-common>
583
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.pickup apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.postfix.pickup
584
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.pickup	2018-04-15 19:18:53.000000000 +0530
585
+@@ -10,7 +10,7 @@
586
+ 
587
+ #include <tunables/global>
588
+ 
589
+-/usr/lib/postfix/pickup {
590
++/usr/lib/postfix/pickup flags=(complain) {
591
+   #include <abstractions/base>
592
+   #include <abstractions/nameservice>
593
+   #include <abstractions/postfix-common>
594
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.pipe apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.postfix.pipe
595
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.pipe	2018-04-15 19:18:53.000000000 +0530
596
+@@ -11,7 +11,7 @@
597
+ 
598
+ #include <tunables/global>
599
+ 
600
+-/usr/lib/postfix/pipe {
601
++/usr/lib/postfix/pipe flags=(complain) {
602
+   #include <abstractions/base>
603
+   #include <abstractions/nameservice>
604
+   #include <abstractions/postfix-common>
605
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.proxymap apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.postfix.proxymap
606
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.proxymap	2018-04-15 19:18:53.000000000 +0530
607
+@@ -10,7 +10,7 @@
608
+ 
609
+ #include <tunables/global>
610
+ 
611
+-/usr/lib/postfix/proxymap {
612
++/usr/lib/postfix/proxymap flags=(complain) {
613
+   #include <abstractions/base>
614
+   #include <abstractions/nameservice>
615
+   #include <abstractions/postfix-common>
616
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.qmgr apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.postfix.qmgr
617
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.qmgr	2018-04-15 19:18:53.000000000 +0530
618
+@@ -10,7 +10,7 @@
619
+ 
620
+ #include <tunables/global>
621
+ 
622
+-/usr/lib/postfix/qmgr {
623
++/usr/lib/postfix/qmgr flags=(complain) {
624
+   #include <abstractions/base>
625
+   #include <abstractions/nameservice>
626
+   #include <abstractions/postfix-common>
627
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.qmqpd apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.postfix.qmqpd
628
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.qmqpd	2018-04-15 19:18:53.000000000 +0530
629
+@@ -10,7 +10,7 @@
630
+ 
631
+ #include <tunables/global>
632
+ 
633
+-/usr/lib/postfix/qmqpd {
634
++/usr/lib/postfix/qmqpd flags=(complain) {
635
+   #include <abstractions/base>
636
+   #include <abstractions/nameservice>
637
+   #include <abstractions/postfix-common>
638
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.scache apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.postfix.scache
639
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.scache	2018-04-15 19:18:53.000000000 +0530
640
+@@ -12,7 +12,7 @@
641
+ 
642
+ #include <tunables/global>
643
+ 
644
+-/usr/lib/postfix/scache {
645
++/usr/lib/postfix/scache flags=(complain) {
646
+   #include <abstractions/base>
647
+   #include <abstractions/nameservice>
648
+   #include <abstractions/postfix-common>
649
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.showq apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.postfix.showq
650
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.showq	2018-04-15 19:18:53.000000000 +0530
651
+@@ -10,7 +10,7 @@
652
+ 
653
+ #include <tunables/global>
654
+ 
655
+-/usr/lib/postfix/showq {
656
++/usr/lib/postfix/showq flags=(complain) {
657
+   #include <abstractions/base>
658
+   #include <abstractions/nameservice>
659
+   #include <abstractions/postfix-common>
660
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.smtp apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.postfix.smtp
661
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.smtp	2018-04-15 19:18:53.000000000 +0530
662
+@@ -10,7 +10,7 @@
663
+ 
664
+ #include <tunables/global>
665
+ 
666
+-/usr/lib/postfix/smtp {
667
++/usr/lib/postfix/smtp flags=(complain) {
668
+   #include <abstractions/base>
669
+   #include <abstractions/nameservice>
670
+   #include <abstractions/postfix-common>
671
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.smtpd apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.postfix.smtpd
672
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.smtpd	2018-04-15 19:18:53.000000000 +0530
673
+@@ -10,7 +10,7 @@
674
+ 
675
+ #include <tunables/global>
676
+ 
677
+-/usr/lib/postfix/smtpd {
678
++/usr/lib/postfix/smtpd flags=(complain) {
679
+   #include <abstractions/base>
680
+   #include <abstractions/nameservice>
681
+   #include <abstractions/postfix-common>
682
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.spawn apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.postfix.spawn
683
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.spawn	2018-04-15 19:18:53.000000000 +0530
684
+@@ -10,7 +10,7 @@
685
+ 
686
+ #include <tunables/global>
687
+ 
688
+-/usr/lib/postfix/spawn {
689
++/usr/lib/postfix/spawn flags=(complain) {
690
+   #include <abstractions/base>
691
+   #include <abstractions/nameservice>
692
+   #include <abstractions/postfix-common>
693
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.tlsmgr apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.postfix.tlsmgr
694
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.tlsmgr	2018-04-15 19:18:53.000000000 +0530
695
+@@ -11,7 +11,7 @@
696
+ 
697
+ #include <tunables/global>
698
+ 
699
+-/usr/lib/postfix/tlsmgr {
700
++/usr/lib/postfix/tlsmgr flags=(complain) {
701
+   #include <abstractions/base>
702
+   #include <abstractions/nameservice>
703
+   #include <abstractions/postfix-common>
704
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.trivial-rewrite apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.postfix.trivial-rewrite
705
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.trivial-rewrite	2018-04-15 19:18:53.000000000 +0530
706
+@@ -10,7 +10,7 @@
707
+ 
708
+ #include <tunables/global>
709
+ 
710
+-/usr/lib/postfix/trivial-rewrite {
711
++/usr/lib/postfix/trivial-rewrite flags=(complain) {
712
+   #include <abstractions/base>
713
+   #include <abstractions/nameservice>
714
+   #include <abstractions/postfix-common>
715
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.verify apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.postfix.verify
716
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.verify	2018-04-15 19:18:53.000000000 +0530
717
+@@ -10,7 +10,7 @@
718
+ 
719
+ #include <tunables/global>
720
+ 
721
+-/usr/lib/postfix/verify {
722
++/usr/lib/postfix/verify flags=(complain) {
723
+   #include <abstractions/base>
724
+   #include <abstractions/nameservice>
725
+   #include <abstractions/postfix-common>
726
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.virtual apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.postfix.virtual
727
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.postfix.virtual	2018-04-15 19:18:53.000000000 +0530
728
+@@ -10,7 +10,7 @@
729
+ 
730
+ #include <tunables/global>
731
+ 
732
+-/usr/lib/postfix/virtual {
733
++/usr/lib/postfix/virtual flags=(complain) {
734
+   #include <abstractions/base>
735
+   #include <abstractions/nameservice>
736
+   #include <abstractions/postfix-common>
737
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.RealPlayer10.realplay apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.lib.RealPlayer10.realplay
738
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.lib.RealPlayer10.realplay	2018-04-15 19:18:53.000000000 +0530
739
+@@ -12,7 +12,7 @@
740
+ 
741
+ #include <tunables/global>
742
+ 
743
+-/usr/lib/RealPlayer10/realplay {
744
++/usr/lib/RealPlayer10/realplay flags=(complain) {
745
+   #include <abstractions/base>
746
+   #include <abstractions/bash>
747
+   #include <abstractions/consoles>
748
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.NX.bin.nxclient apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.NX.bin.nxclient
749
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.NX.bin.nxclient	2018-04-15 19:18:53.000000000 +0530
750
+@@ -11,7 +11,7 @@
751
+ 
752
+ #include <tunables/global>
753
+ 
754
+-/usr/NX/bin/nxclient {
755
++/usr/NX/bin/nxclient flags=(complain) {
756
+   #include <abstractions/base>
757
+   #include <abstractions/bash>
758
+   #include <abstractions/consoles>
759
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.cupsd apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.cupsd
760
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.cupsd	2018-04-15 19:18:53.000000000 +0530
761
+@@ -1,6 +1,6 @@
762
+ # Last Modified: Sun Sep 16 18:11:15 2007
763
+ #include <tunables/global>
764
+-/usr/sbin/cupsd {
765
++/usr/sbin/cupsd flags=(complain) {
766
+   #include <abstractions/base>
767
+   #include <abstractions/bash>
768
+   #include <abstractions/dbus>
769
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.dhcpd apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.dhcpd
770
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.dhcpd	2018-04-15 19:18:53.000000000 +0530
771
+@@ -10,7 +10,7 @@
772
+ 
773
+ #include <tunables/global>
774
+ 
775
+-/usr/sbin/dhcpd {
776
++/usr/sbin/dhcpd flags=(complain) {
777
+   #include <abstractions/base>
778
+   #include <abstractions/nameservice>
779
+ 
780
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.httpd2-prefork apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.httpd2-prefork
781
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.httpd2-prefork	2018-04-15 19:18:53.000000000 +0530
782
+@@ -11,7 +11,7 @@
783
+ 
784
+ #include <tunables/global>
785
+ 
786
+-/usr/sbin/httpd2-prefork {
787
++/usr/sbin/httpd2-prefork flags=(complain) {
788
+   #include <abstractions/apache2-common>
789
+   #include <abstractions/base>
790
+   #include <abstractions/consoles>
791
+@@ -129,12 +129,12 @@
792
+   /var/lib/php/sess_*                rwl,
793
+ 
794
+ 
795
+-  ^HANDLING_UNTRUSTED_INPUT {
796
++  ^HANDLING_UNTRUSTED_INPUT flags=(complain) {
797
+     #include <abstractions/apache2-common>
798
+     /var/log/apache2/*     w,
799
+   }
800
+ 
801
+-  ^DEFAULT_URI {
802
++  ^DEFAULT_URI flags=(complain) {
803
+     #include <abstractions/apache2-common>
804
+     #include <abstractions/base>
805
+ 
806
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.imapd apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.imapd
807
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.imapd	2018-04-15 19:18:53.000000000 +0530
808
+@@ -10,7 +10,7 @@
809
+ 
810
+ #include <tunables/global>
811
+ 
812
+-/usr/sbin/imapd {
813
++/usr/sbin/imapd flags=(complain) {
814
+   #include <abstractions/base>
815
+   #include <abstractions/nameservice>
816
+   #include <abstractions/authentication>
817
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.in.fingerd apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.in.fingerd
818
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.in.fingerd	2018-04-15 19:18:53.000000000 +0530
819
+@@ -10,7 +10,7 @@
820
+ 
821
+ #include <tunables/global>
822
+ 
823
+-/usr/sbin/in.fingerd {
824
++/usr/sbin/in.fingerd flags=(complain) {
825
+   #include <abstractions/base>
826
+   #include <abstractions/nameservice>
827
+ 
828
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.in.ftpd apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.in.ftpd
829
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.in.ftpd	2018-04-15 19:18:53.000000000 +0530
830
+@@ -10,7 +10,7 @@
831
+ 
832
+ #include <tunables/global>
833
+ 
834
+-/usr/sbin/in.ftpd {
835
++/usr/sbin/in.ftpd flags=(complain) {
836
+   #include <abstractions/base>
837
+   #include <abstractions/nameservice>
838
+   #include <abstractions/authentication>
839
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.in.ntalkd apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.in.ntalkd
840
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.in.ntalkd	2018-04-15 19:18:53.000000000 +0530
841
+@@ -10,7 +10,7 @@
842
+ 
843
+ #include <tunables/global>
844
+ 
845
+-/usr/sbin/in.ntalkd {
846
++/usr/sbin/in.ntalkd flags=(complain) {
847
+   #include <abstractions/base>
848
+   #include <abstractions/nameservice>
849
+   #include <abstractions/consoles>
850
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.ipop2d apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.ipop2d
851
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.ipop2d	2018-04-15 19:18:53.000000000 +0530
852
+@@ -10,7 +10,7 @@
853
+ 
854
+ #include <tunables/global>
855
+ 
856
+-/usr/sbin/ipop2d {
857
++/usr/sbin/ipop2d flags=(complain) {
858
+   #include <abstractions/base>
859
+   #include <abstractions/nameservice>
860
+   #include <abstractions/authentication>
861
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.ipop3d apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.ipop3d
862
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.ipop3d	2018-04-15 19:18:53.000000000 +0530
863
+@@ -10,7 +10,7 @@
864
+ 
865
+ #include <tunables/global>
866
+ 
867
+-/usr/sbin/ipop3d {
868
++/usr/sbin/ipop3d flags=(complain) {
869
+   #include <abstractions/base>
870
+   #include <abstractions/nameservice>
871
+   #include <abstractions/authentication>
872
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.lighttpd apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.lighttpd
873
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.lighttpd	2018-04-15 19:18:53.000000000 +0530
874
+@@ -11,7 +11,7 @@
875
+ 
876
+ #include <tunables/global>
877
+ 
878
+-/usr/sbin/lighttpd {
879
++/usr/sbin/lighttpd flags=(complain) {
880
+   #include <abstractions/base>
881
+   #include <abstractions/nameservice>
882
+   #include <abstractions/web-data>
883
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.mysqld apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.mysqld
884
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.mysqld	2018-04-15 19:18:53.000000000 +0530
885
+@@ -14,7 +14,7 @@
886
+ 
887
+ #include <tunables/global>
888
+ 
889
+-/usr/sbin/mysqld {
890
++/usr/sbin/mysqld flags=(complain) {
891
+   #include <abstractions/base>
892
+   #include <abstractions/mysql>
893
+   #include <abstractions/nameservice>
894
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.nmbd apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.nmbd
895
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.nmbd	2018-04-15 19:18:53.000000000 +0530
896
+@@ -12,7 +12,7 @@
897
+ 
898
+ #include <tunables/global>
899
+ 
900
+-/usr/sbin/nmbd {
901
++/usr/sbin/nmbd flags=(complain) {
902
+   #include <abstractions/base>
903
+   #include <abstractions/nameservice>
904
+ 
905
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.oidentd apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.oidentd
906
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.oidentd	2018-04-15 19:18:53.000000000 +0530
907
+@@ -11,7 +11,7 @@
908
+ 
909
+ #include <tunables/global>
910
+ 
911
+-/usr/sbin/oidentd {
912
++/usr/sbin/oidentd flags=(complain) {
913
+   #include <abstractions/base>
914
+   #include <abstractions/nameservice>
915
+ 
916
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.popper apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.popper
917
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.popper	2018-04-15 19:18:53.000000000 +0530
918
+@@ -11,7 +11,7 @@
919
+ # Last Modified: Wed Aug 31 11:14:09 2005
920
+ #include <tunables/global>
921
+ 
922
+-/usr/sbin/popper {
923
++/usr/sbin/popper flags=(complain) {
924
+   #include <abstractions/authentication>
925
+   #include <abstractions/base>
926
+   #include <abstractions/nameservice>
927
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.postalias apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.postalias
928
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.postalias	2018-04-15 19:18:53.000000000 +0530
929
+@@ -10,7 +10,7 @@
930
+ 
931
+ #include <tunables/global>
932
+ 
933
+-/usr/sbin/postalias {
934
++/usr/sbin/postalias flags=(complain) {
935
+   #include <abstractions/base>
936
+   #include <abstractions/kerberosclient>
937
+   #include <abstractions/nameservice>
938
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.postdrop apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.postdrop
939
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.postdrop	2018-04-15 19:18:53.000000000 +0530
940
+@@ -11,7 +11,7 @@
941
+ 
942
+ #include <tunables/global>
943
+ 
944
+-/usr/sbin/postdrop {
945
++/usr/sbin/postdrop flags=(complain) {
946
+   #include <abstractions/base>
947
+   #include <abstractions/kerberosclient>
948
+   #include <abstractions/nameservice>
949
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.postmap apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.postmap
950
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.postmap	2018-04-15 19:18:53.000000000 +0530
951
+@@ -10,7 +10,7 @@
952
+ 
953
+ #include <tunables/global>
954
+ 
955
+-/usr/sbin/postmap {
956
++/usr/sbin/postmap flags=(complain) {
957
+   #include <abstractions/base>
958
+   #include <abstractions/nameservice>
959
+   #include <abstractions/kerberosclient>
960
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.postqueue apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.postqueue
961
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.postqueue	2018-04-15 19:18:53.000000000 +0530
962
+@@ -10,7 +10,7 @@
963
+ 
964
+ #include <tunables/global>
965
+ 
966
+-/usr/sbin/postqueue {
967
++/usr/sbin/postqueue flags=(complain) {
968
+   #include <abstractions/base>
969
+   #include <abstractions/consoles>
970
+   #include <abstractions/nameservice>
971
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.sendmail apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.sendmail
972
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.sendmail	2018-04-15 19:18:53.000000000 +0530
973
+@@ -13,7 +13,7 @@
974
+ 
975
+ #include <tunables/global>
976
+ 
977
+-/usr/sbin/sendmail {
978
++/usr/sbin/sendmail flags=(complain) {
979
+   #include <abstractions/base>
980
+   #include <abstractions/consoles>
981
+   #include <abstractions/kerberosclient>
982
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.sendmail.postfix apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.sendmail.postfix
983
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.sendmail.postfix	2018-04-15 19:18:53.000000000 +0530
984
+@@ -10,7 +10,7 @@
985
+ 
986
+ #include <tunables/global>
987
+ 
988
+-/usr/sbin/sendmail.postfix {
989
++/usr/sbin/sendmail.postfix flags=(complain) {
990
+   #include <abstractions/base>
991
+   #include <abstractions/nameservice>
992
+   #include <abstractions/consoles>
993
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.sendmail.sendmail apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.sendmail.sendmail
994
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.sendmail.sendmail	2018-04-15 19:18:53.000000000 +0530
995
+@@ -10,7 +10,7 @@
996
+ 
997
+ #include <tunables/global>
998
+ 
999
+-/usr/sbin/sendmail.sendmail {
1000
++/usr/sbin/sendmail.sendmail flags=(complain) {
1001
+   #include <abstractions/base>
1002
+   #include <abstractions/nameservice>
1003
+ 
1004
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.smbd apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.smbd
1005
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.smbd	2018-04-15 19:18:53.000000000 +0530
1006
+@@ -12,7 +12,7 @@
1007
+ 
1008
+ #include <tunables/global>
1009
+ 
1010
+-/usr/sbin/smbd {
1011
++/usr/sbin/smbd flags=(complain) {
1012
+   #include <abstractions/base>
1013
+   #include <abstractions/bash>
1014
+   #include <abstractions/nameservice>
1015
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.spamd apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.spamd
1016
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.spamd	2018-04-15 19:18:53.000000000 +0530
1017
+@@ -12,7 +12,7 @@
1018
+ 
1019
+ #include <tunables/global>
1020
+ 
1021
+-/usr/sbin/spamd {
1022
++/usr/sbin/spamd flags=(complain) {
1023
+   #include <abstractions/authentication>
1024
+   #include <abstractions/base>
1025
+   #include <abstractions/nameservice>
1026
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.squid apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.squid
1027
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.squid	2018-04-15 19:18:53.000000000 +0530
1028
+@@ -11,7 +11,7 @@
1029
+ 
1030
+ #include <tunables/global>
1031
+ 
1032
+-/usr/sbin/squid {
1033
++/usr/sbin/squid flags=(complain) {
1034
+   #include <abstractions/base>
1035
+   #include <abstractions/consoles>
1036
+   #include <abstractions/kerberosclient>
1037
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.sshd apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.sshd
1038
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.sshd	2018-04-15 19:18:53.000000000 +0530
1039
+@@ -16,7 +16,7 @@
1040
+ 
1041
+ #include <tunables/global>
1042
+ 
1043
+-/usr/sbin/sshd {
1044
++/usr/sbin/sshd flags=(complain) {
1045
+   #include <abstractions/authentication>
1046
+   #include <abstractions/base>
1047
+   #include <abstractions/consoles>
1048
+@@ -98,7 +98,7 @@
1049
+ 
1050
+   # to set memory protection for passwd
1051
+   @{PROC}/@{pid}/task/@{pid}/attr/exec w,
1052
+-  profile passwd {
1053
++  profile passwd flags=(complain) {
1054
+     #include <abstractions/authentication>
1055
+     #include <abstractions/base>
1056
+     #include <abstractions/nameservice>
1057
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.useradd apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.useradd
1058
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.useradd	2018-04-15 19:18:53.000000000 +0530
1059
+@@ -11,7 +11,7 @@
1060
+ 
1061
+ #include <tunables/global>
1062
+ 
1063
+-/usr/sbin/useradd {
1064
++/usr/sbin/useradd flags=(complain) {
1065
+   #include <abstractions/authentication>
1066
+   #include <abstractions/base>
1067
+   #include <abstractions/bash>
1068
+@@ -59,7 +59,7 @@
1069
+   /{,var/}run/nscd.pid rw,
1070
+   /var/spool/mail/* rw,
1071
+ 
1072
+-  profile pam_tally2 {
1073
++  profile pam_tally2 flags=(complain) {
1074
+     #include <abstractions/base>
1075
+     #include <abstractions/consoles>
1076
+     #include <abstractions/nameservice>
1077
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.userdel apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.userdel
1078
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.userdel	2018-04-15 19:18:53.000000000 +0530
1079
+@@ -11,7 +11,7 @@
1080
+ 
1081
+ #include <tunables/global>
1082
+ 
1083
+-/usr/sbin/userdel {
1084
++/usr/sbin/userdel flags=(complain) {
1085
+   #include <abstractions/authentication>
1086
+   #include <abstractions/base>
1087
+   #include <abstractions/bash>
1088
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.vsftpd apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.vsftpd
1089
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.vsftpd	2018-04-15 19:18:53.000000000 +0530
1090
+@@ -11,7 +11,7 @@
1091
+ 
1092
+ #include <tunables/global>
1093
+ 
1094
+-/usr/sbin/vsftpd {
1095
++/usr/sbin/vsftpd flags=(complain) {
1096
+   #include <abstractions/base>
1097
+   #include <abstractions/nameservice>
1098
+   #include <abstractions/authentication>
1099
+diff -Naur apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.xinetd apparmor-2.13-mod/profiles/apparmor/profiles/extras/usr.sbin.xinetd
1100
+--- apparmor-2.13/profiles/apparmor/profiles/extras/usr.sbin.xinetd	2018-04-15 19:18:53.000000000 +0530
1101
+@@ -10,7 +10,7 @@
1102
+ 
1103
+ #include <tunables/global>
1104
+ 
1105
+-/usr/sbin/xinetd {
1106
++/usr/sbin/xinetd flags=(complain) {
1107
+   #include <abstractions/base>
1108
+   #include <abstractions/nameservice>
1109
+ 
1110
+diff -Naur apparmor-2.13/profiles/apparmor.d/abstractions/launchpad-integration apparmor-2.13-mod/profiles/apparmor.d/abstractions/launchpad-integration
1111
+--- apparmor-2.13/profiles/apparmor.d/abstractions/launchpad-integration	2018-04-15 19:18:53.000000000 +0530
1112
+@@ -3,7 +3,7 @@
1113
+ 
1114
+   # Launchpad integration should run in a sanitizing profile
1115
+   /usr/bin/launchpad-integration Cxr -> launchpad_integration,
1116
+-  profile launchpad_integration {
1117
++  profile launchpad_integration flags=(complain) {
1118
+     #include <abstractions/base>
1119
+     #include <abstractions/nameservice>
1120
+     #include <abstractions/ubuntu-browsers>
1121
+diff -Naur apparmor-2.13/profiles/apparmor.d/abstractions/ubuntu-browsers.d/java apparmor-2.13-mod/profiles/apparmor.d/abstractions/ubuntu-browsers.d/java
1122
+--- apparmor-2.13/profiles/apparmor.d/abstractions/ubuntu-browsers.d/java	2018-04-15 19:18:53.000000000 +0530
1123
+@@ -17,7 +17,7 @@
1124
+   # Profile for the supported OpenJDK in Ubuntu. This doesn't require the
1125
+   # unfortunate workarounds of the proprietary Javas, so have a separate
1126
+   # profile.
1127
+-  profile browser_openjdk {
1128
++  profile browser_openjdk flags=(complain) {
1129
+     #include <abstractions/base>
1130
+     #include <abstractions/fonts>
1131
+     #include <abstractions/gnome>
1132
+@@ -62,7 +62,7 @@
1133
+ 
1134
+   # Profile for commercial Javas. These need workarounds to work right (eg
1135
+   # Sun's forcing of an executable stack (LP: #535247)).
1136
+-  profile browser_java {
1137
++  profile browser_java flags=(complain) {
1138
+     #include <abstractions/base>
1139
+     #include <abstractions/fonts>
1140
+     #include <abstractions/gnome>
1141
+diff -Naur apparmor-2.13/profiles/apparmor.d/abstractions/ubuntu-helpers apparmor-2.13-mod/profiles/apparmor.d/abstractions/ubuntu-helpers
1142
+--- apparmor-2.13/profiles/apparmor.d/abstractions/ubuntu-helpers	2018-04-15 19:18:53.000000000 +0530
1143
+@@ -31,7 +31,7 @@
1144
+ # Use at your own risk. This profile was developed as an interim workaround for
1145
+ # LP: #851986 until AppArmor utilizes proper environment filtering.
1146
+ 
1147
+-profile sanitized_helper {
1148
++profile sanitized_helper flags=(complain) {
1149
+   #include <abstractions/base>
1150
+   #include <abstractions/X>
1151
+ 
1152
+diff -Naur apparmor-2.13/profiles/apparmor.d/apache2.d/phpsysinfo apparmor-2.13-mod/profiles/apparmor.d/apache2.d/phpsysinfo
1153
+--- apparmor-2.13/profiles/apparmor.d/apache2.d/phpsysinfo	2018-04-15 19:18:53.000000000 +0530
1154
+@@ -1,7 +1,7 @@
1155
+ # Last Modified: Fri Sep 11 13:27:22 2009
1156
+ # Author: Marc Deslauriers <marc.deslauriers@ubuntu.com>
1157
+ 
1158
+-  ^phpsysinfo {
1159
++  ^phpsysinfo flags=(complain) {
1160
+     #include <abstractions/apache2-common>
1161
+     #include <abstractions/base>
1162
+     #include <abstractions/nameservice>
1163
+diff -Naur apparmor-2.13/profiles/apparmor.d/bin.ping apparmor-2.13-mod/profiles/apparmor.d/bin.ping
1164
+--- apparmor-2.13/profiles/apparmor.d/bin.ping	2018-04-15 19:18:53.000000000 +0530
1165
+@@ -10,7 +10,7 @@
1166
+ # ------------------------------------------------------------------
1167
+ 
1168
+ #include <tunables/global>
1169
+-profile ping /{usr/,}bin/ping {
1170
++profile ping /{usr/,}bin/ping flags=(complain) {
1171
+   #include <abstractions/base>
1172
+   #include <abstractions/consoles>
1173
+   #include <abstractions/nameservice>
1174
+diff -Naur apparmor-2.13/profiles/apparmor.d/sbin.klogd apparmor-2.13-mod/profiles/apparmor.d/sbin.klogd
1175
+--- apparmor-2.13/profiles/apparmor.d/sbin.klogd	2018-04-15 19:18:53.000000000 +0530
1176
+@@ -11,7 +11,7 @@
1177
+ 
1178
+ #include <tunables/global>
1179
+ 
1180
+-profile klogd /{usr/,}sbin/klogd {
1181
++profile klogd /{usr/,}sbin/klogd flags=(complain) {
1182
+   #include <abstractions/base>
1183
+ 
1184
+   capability sys_admin, # for backward compatibility with kernel <= 2.6.37
1185
+diff -Naur apparmor-2.13/profiles/apparmor.d/sbin.syslogd apparmor-2.13-mod/profiles/apparmor.d/sbin.syslogd
1186
+--- apparmor-2.13/profiles/apparmor.d/sbin.syslogd	2018-04-15 19:18:53.000000000 +0530
1187
+@@ -11,7 +11,7 @@
1188
+ 
1189
+ #include <tunables/global>
1190
+ 
1191
+-profile syslogd /{usr/,}sbin/syslogd {
1192
++profile syslogd /{usr/,}sbin/syslogd flags=(complain) {
1193
+   #include <abstractions/base>
1194
+   #include <abstractions/nameservice>
1195
+   #include <abstractions/consoles>
1196
+diff -Naur apparmor-2.13/profiles/apparmor.d/sbin.syslog-ng apparmor-2.13-mod/profiles/apparmor.d/sbin.syslog-ng
1197
+--- apparmor-2.13/profiles/apparmor.d/sbin.syslog-ng	2018-04-15 19:18:53.000000000 +0530
1198
+@@ -15,7 +15,7 @@
1199
+ #define this to be where syslog-ng is chrooted
1200
+ @{CHROOT_BASE}=""
1201
+ 
1202
+-profile syslog-ng /{usr/,}sbin/syslog-ng {
1203
++profile syslog-ng /{usr/,}sbin/syslog-ng flags=(complain) {
1204
+   #include <abstractions/base>
1205
+   #include <abstractions/consoles>
1206
+   #include <abstractions/nameservice>
1207
+diff -Naur apparmor-2.13/profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2 apparmor-2.13-mod/profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2
1208
+--- apparmor-2.13/profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2	2018-04-15 19:18:53.000000000 +0530
1209
+@@ -1,7 +1,7 @@
1210
+ # Author: Marc Deslauriers <marc.deslauriers@ubuntu.com>
1211
+ 
1212
+ #include <tunables/global>
1213
+-/usr/lib/apache2/mpm-prefork/apache2 {
1214
++/usr/lib/apache2/mpm-prefork/apache2 flags=(complain) {
1215
+ 
1216
+   # This profile is completely permissive.
1217
+   # It is designed to target specific applications using mod_apparmor,
1218
+@@ -53,7 +53,7 @@
1219
+   /** mrwlkix,
1220
+ 
1221
+ 
1222
+-  ^DEFAULT_URI {
1223
++  ^DEFAULT_URI flags=(complain) {
1224
+     #include <abstractions/base>
1225
+     #include <abstractions/nameservice>
1226
+ 
1227
+@@ -62,7 +62,7 @@
1228
+ 
1229
+   }
1230
+ 
1231
+-  ^HANDLING_UNTRUSTED_INPUT {
1232
++  ^HANDLING_UNTRUSTED_INPUT flags=(complain) {
1233
+     #include <abstractions/nameservice>
1234
+ 
1235
+     / rw,
1236
+diff -Naur apparmor-2.13/profiles/apparmor.d/usr.lib.dovecot.anvil apparmor-2.13-mod/profiles/apparmor.d/usr.lib.dovecot.anvil
1237
+--- apparmor-2.13/profiles/apparmor.d/usr.lib.dovecot.anvil	2018-04-15 19:18:53.000000000 +0530
1238
+@@ -11,7 +11,7 @@
1239
+ 
1240
+ #include <tunables/global>
1241
+ 
1242
+-/usr/lib/dovecot/anvil {
1243
++/usr/lib/dovecot/anvil flags=(complain) {
1244
+   #include <abstractions/base>