Rick, this is actually quite easy. Ship the profile as if it is enforcing, then put a symlink to it in /etc/apparmor.d/disable. Eg, if you install the profile to /etc/apparmor.d/usr.lib.ubuntuone-client.ubuntuone-syncdaemon, then do:
# ln -s /etc/apparmor.d/usr.lib.ubuntuone-client.ubuntuone-syncdaemon /etc/apparmor.d/disable/usr.lib.ubuntuone-client.ubuntuone-syncdaemon
You can see the firefox packaging for a (rather complicated) example. libapache2-mod-apparmor has a less complicated example I think.
Rick, this is actually quite easy. Ship the profile as if it is enforcing, then put a symlink to it in /etc/apparmor. d/disable. Eg, if you install the profile to /etc/apparmor. d/usr.lib. ubuntuone- client. ubuntuone- syncdaemon, then do: d/usr.lib. ubuntuone- client. ubuntuone- syncdaemon /etc/apparmor. d/disable/ usr.lib. ubuntuone- client. ubuntuone- syncdaemon
# ln -s /etc/apparmor.
You can see the firefox packaging for a (rather complicated) example. libapache2- mod-apparmor has a less complicated example I think.