Enforce Mode

The default package configuration installs all profiles in complain mode. This is a safety measure to ensure you are not going to break your system on initial installation. Once you have tested it, and it works fine, you can easily switch to enforce mode. The profiles that are not considered stable are kept in complain mode, they can be tracked in the dists/flags directory.

Danger

You must test in complain mode first and ensure your system works as expected.
You must regularly check AppArmor log with aa-log and report issues first.
When reporting an issue, you must ensure the affected profiles are in complain mode.

Archlinux Ubuntu Debian openSUSE Partial Install

In the PKGBUILD, replace make by make enforce:

-  make DISTRIBUTION=arch
+  make enforce DISTRIBUTION=arch

Then, build the package with: make pkg

In debian/rules, add the following lines:

override_dh_auto_build:
    make enforce

Then, build the package with: make dpkg

In debian/rules, add the following lines:

override_dh_auto_build:
    make enforce

Then, build the package with: make dpkg

In dists/apparmor.d.spec, replace %make_build by %make_build enforce

-  %make_build
+  %make_build enforce

Then, build the package with: make rpm

Use the make enforce command to build instead of make