Comment 1 for bug 1580369

Jamie Strandboge (jdstrand) wrote :

On Ubuntu 20.04 (apparmor 2.13.3, kernel 5.4.0-14.17-generic) without audit, it is now enforced:

$ rm -f /tmp/foo ; echo 'profile test (complain) { file, deny /tmp/foo rw, }' | sudo apparmor_parser -r ; aa-exec -p test touch /tmp/foo ; ls /tmp/foo
touch: cannot touch '/tmp/foo': Permission denied
ls: cannot access '/tmp/foo': No such file or directory

but with audit, they still are not:

$ rm -f /tmp/foo ; echo 'profile test (complain, audit) { file, deny /tmp/foo rw, }' | sudo apparmor_parser -r ; aa-exec -p test touch /tmp/foo ; ls /tmp/foo
/tmp/foo