Enforce Mode

The default package configuration installs all profiles in complain mode. This is a safety measure to ensure you are not going to break your system on initial installation. Once you have tested it, and it works fine, you can easily switch to enforce mode. The profiles that are not considered stable are kept in complain mode, they can be tracked in the dists/flags directory.

Danger

You must test in complain mode first and ensure your system works as expected.
You must regularly check AppArmor log with aa-log and report issues first.
When reporting an issue, you must ensure the affected profiles are in complain mode.

Archlinux Ubuntu Debian openSUSE Partial Install

In the PKGBUILD, replace just complain by just enforce:

-  just complain
+  just enforce

Then, build the package with: just pkg

In debian/rules, replace just complain by just enforce:

  override_dh_auto_build:
-     just complain
  override_dh_auto_build:
+     just enforce

Then, build the package with: just dpkg

In debian/rules, replace just complain by just enforce:

  override_dh_auto_build:
-     just complain
  override_dh_auto_build:
+     just enforce

Then, build the package with: just dpkg

In dists/apparmor.d.spec, replace just complain by just enforce:

   %build
-  just complain
   %build
+  just enforce

Then, build the package with: just rpm

Use the just enforce command to build instead of just complain