aa-enforce does not handle empty profile consistently with parser

Original issue actually is that aa-enforce does not like completely empty profile, like, with only comments, for example:

```
$ cat /etc/apparmor.d/foo ; sudo aa-enforce /etc/apparmor.d/*
# foo bar
Profile for /etc/apparmor.d/abstractions not found, skipping
Profile for /etc/apparmor.d/apache2.d not found, skipping
Setting /etc/apparmor.d/bin.ping to enforce mode.
Profile for /etc/apparmor.d/disable not found, skipping
Setting /etc/apparmor.d/foo to enforce mode.

ERROR: /etc/apparmor.d/foo doesn't contain a valid profile (syntax error?)
```

This was discovered with this empty mariadb-server-10.3 profile in Debian Sid:
https://sources.debian.org/src/mariadb-10.3/1:10.3.12-2/debian/apparmor-profile/

You are reporting two issues that are (technically) completely different:

a) original bugreport

The tools are less flexible when it comes to whitespace, and require linebreaks after each rule, while the parser doesn't. Therefore "profile foobar {}" is known to fail. Fixing this would probably get us into a regex hell, so this is a wontfix IMHO (at least until the parser code gets moved to libapparmor and can be used by the tools, but I'd recommend not to hold your breath for that ;-)

b) comment #1

Handling files without a profile (only comments or empty files) should be easier to fix.

On 2019-02-16 23:04, Christian Boltz wrote:
> You are reporting two issues that are (technically) completely
> different:

Right, sorry, I've done a mess here. Basically, timeline was that there was (is) problem with empty
profile with tools, and then I've tried to "fix it" by adding `profile foo {}", and noticed another
problem with whitespaces.

Did you Vincas file or forward this to actual upstream bug reports at https://gitlab.com/groups/apparmor/-/issues ?