Comment 5 for bug 1736542

Okay, I think I've made progress into whats been happening. clamd has really been sending a lot of audit messages to /var/log/audit/audit.log, but nothing has been picked up by aa-logprof. Running aa-enforce on the clamd profile isn't doing anything, and upon closer inspection of the actual profile file, I noticed that there was a " flags=(audit) " that wasn't getting removed, so I manually removed it and restarted apparmor/clamd. Then parts of clamd were throwing errors, but now these are being picked up by aa-logprof, and I can easily correct them. It turns out that the profile was missing "capability sys_admin," and now I believe that it is working as intended.