Comment 8 for bug 1324608

trunk r3279 (and similar commits to the version branches, which will be in 2.10.1 and 2.9.3) changed the behaviour - aa-logprof and aa-genprof will now propose 'w' for creating a file. The commit message explains why:

  Map c (create) log events to w instead of a

  Creating a file is in theory covered by the 'a' permission, however
  discussion on IRC brought up that depending on the open flags it might
  not be enough (real-world example: creating the apache pid file).

  Therefore change the mapping to 'w' permissions. That might allow more
  than needed in some cases, but makes sure the profile always works.