Comment 1 for bug 1607532

_Please_ do not blindly set the profile to complain mode at startup. That would make the aa-logprof/aa-genprof family of tools useless when running potentially untrusted code.

On my own computers, the only way I ever run anything that did not originate in the Ubuntu or Debian archives is by creating a small profile for the application in enforce mode and iteratively running it over and over again, adding the privileges I want to allow.

Thanks