Add 'if exists' to some include.

apparmor.d/abstractions/evince

@@ -120,5 +120,4 @@
   include <abstractions/private-files-strict>
   #owner @{HOME}/.mozilla/**/*Cache/* r,
 
-  # Site-specific additions and overrides. See local/README for details.
-  include <local/usr.bin.evince>
+  include if exists <local/usr.bin.evince>

apparmor.d/abstractions/libvirt-lxc

@@ -117,5 +117,4 @@
   deny /sys/fs/cgroup?*{,/**} wklx,
   deny /sys/fs?*{,/**} wklx,
 
-  # Site-specific additions and overrides. See local/README for details.
-  #include <local/abstractions/libvirt-lxc>
+  include if exists <local/abstractions/libvirt-lxc>

apparmor.d/abstractions/libvirt-qemu

@@ -244,5 +244,4 @@
   / r, # harmless on any lsb compliant system
   /sys/bus/nd/devices/{,**/} r,
 
-  # Site-specific additions and overrides. See local/README for details.
-  #include <local/abstractions/libvirt-qemu>
+  include if exists <local/abstractions/libvirt-qemu>

apparmor.d/groups/apt/usr.sbin.apt-cacher-ng

@@ -4,13 +4,13 @@
 
 @{APT_CACHER_NG_CACHE_DIR}=/var/cache/apt-cacher-ng
 
-#include <tunables/global>
+include <tunables/global>
 
-profile apt-cacher-ng /usr/sbin/apt-cacher-ng {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
-  #include <abstractions/openssl>
-  #include <abstractions/user-tmp>
+profile apt-cacher-ng /usr/sbin/apt-cacher-ng flags=(complain) {
+  include <abstractions/base>
+  include <abstractions/nameservice>
+  include <abstractions/openssl>
+  include <abstractions/user-tmp>
 
   /etc/apt-cacher-ng/ r,
   /etc/apt-cacher-ng/** r,
@@ -35,6 +35,5 @@ profile apt-cacher-ng /usr/sbin/apt-cacher-ng {
   # used by libevent
   @{PROC}/sys/kernel/random/uuid r,
 
-  # Site-specific additions and overrides. See local/README for details.
-  #include <local/usr.sbin.apt-cacher-ng>
+  include if exists <local/usr.sbin.apt-cacher-ng>
 }

apparmor.d/groups/browsers/torbrowser.Browser.firefox

@@ -148,5 +148,5 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
   # Yubikey NEO also needs this:
   /sys/devices/**/hidraw/hidraw*/uevent r,
 
-  include <local/torbrowser.Browser.firefox>
+  include if exists <local/torbrowser.Browser.firefox>
 }

apparmor.d/groups/browsers/torbrowser.Browser.plugin-container

@@ -100,5 +100,5 @@ profile torbrowser_plugin_container {
   deny /etc/pulse/client.conf r,
   deny /usr/bin/pulseaudio x,
 
-  include <local/torbrowser.Browser.plugin-container>
+  include if exists <local/torbrowser.Browser.plugin-container>
 }

apparmor.d/groups/browsers/torbrowser.Tor.tor

@@ -42,5 +42,5 @@ profile torbrowser_tor @{torbrowser_tor_executable} {
   # OnionShare compatibility
   /tmp/onionshare/** rw,
 
-  include <local/torbrowser.Tor.tor>
+  include if exists <local/torbrowser.Tor.tor>
 }

apparmor.d/profiles-a-l/child-lsb_release

@@ -58,6 +58,5 @@ profile child-lsb_release {
 #  deny /tmp/gtalkplugin.log w,
   /dev/dri/card[0-9]* rw,
 
-  # Site-specific additions and overrides. See local/README for details.
   include if exists <local/child-lsb_release>
 }

apparmor.d/profiles-m-z/system_tor

@@ -21,6 +21,5 @@ profile system_tor flags=(attach_disconnected) {
   /{,var/}run/tor/control.authcookie.tmp rw,
   /{,var/}run/systemd/notify w,
 
-  # Site-specific additions and overrides. See local/README for details.
-  include <local/system_tor>
+  include if exists <local/system_tor>
 }

apparmor.d/profiles-m-z/usr.bin.irssi

@@ -49,6 +49,5 @@ include <tunables/global>
   # for fnotify
   owner @{HOME}/.irssi/fnotify rwk,
 
-  # Site-specific additions and overrides. See local/README for details.
-  include <local/usr.bin.irssi>
+  include if exists <local/usr.bin.irssi>
 }

apparmor.d/profiles-m-z/usr.bin.man

@@ -49,8 +49,7 @@ include <tunables/global>
   signal peer=/usr/bin/man//&man_groff,
   signal peer=/usr/bin/man//&man_filter,
 
-  # Site-specific additions and overrides.  See local/README for details.
-  include <local/usr.bin.man>
+  include if exists <local/usr.bin.man>
 }
 
 profile man_groff {

apparmor.d/profiles-m-z/usr.bin.pidgin

@@ -82,6 +82,5 @@ include <tunables/global>
   owner @{PROC}/@{pid}/auxv r,
   owner @{PROC}/@{pid}/fd/ r,
 
-  # Site-specific additions and overrides. See local/README for details.
-  include <local/usr.bin.pidgin>
+  include if exists <local/usr.bin.pidgin>
 }

apparmor.d/profiles-m-z/usr.bin.tcpdump

@@ -60,6 +60,5 @@ profile tcpdump /usr/sbin/tcpdump {
 
   /usr/sbin/tcpdump mr,
 
-  # Site-specific additions and overrides. See local/README for details.
-  include <local/usr.sbin.tcpdump>
+  include if exists <local/usr.sbin.tcpdump>
 }

apparmor.d/profiles-m-z/usr.bin.totem

@@ -54,6 +54,5 @@
   /sys/devices/pci[0-9]*/**/config r,
   /sys/devices/pci[0-9]*/**/{,subsystem_}{device,vendor} r,
 
-  # Site-specific additions and overrides. See local/README for details.
-  #include <local/usr.bin.totem>
+  include if exists <local/usr.bin.totem>
 }

apparmor.d/profiles-m-z/usr.bin.totem-previewers

@@ -23,8 +23,7 @@ include <tunables/global>
 
   /usr/bin/totem-video-thumbnailer rm,
 
-  # Site-specific additions and overrides. See local/README for details.
-  include <local/usr.bin.totem-previewers>
+  include if exists <local/usr.bin.totem-previewers>
 }
 
 /usr/bin/totem-audio-preview flags=(attach_disconnected) {
@@ -37,6 +36,5 @@ include <tunables/global>
   owner @{HOME}/[^.]*    rw,
   owner @{HOME}/[^.]*/** rw,
 
-  # Site-specific additions and overrides. See local/README for details.
-  include <local/usr.bin.totem-previewers>
+  include if exists <local/usr.bin.totem-previewers>
 }

apparmor.d/profiles-m-z/usr.lib.libvirt.virt-aa-helper

@@ -69,6 +69,5 @@ profile virt-aa-helper /usr/lib/libvirt/virt-aa-helper {
   /**.[iI][sS][oO] r,
   /**/disk{,.*} r,
 
-  # Site-specific additions and overrides. See local/README for details.
-  include <local/usr.lib.libvirt.virt-aa-helper>
+  include if exists <local/usr.lib.libvirt.virt-aa-helper>
 }

apparmor.d/profiles-m-z/usr.sbin.cupsd

@@ -173,8 +173,7 @@
     unix,
   }
 
-  # Site-specific additions and overrides. See local/README for details.
-  #include <local/usr.sbin.cupsd>
+  include if exists <local/usr.sbin.cupsd>
 }
 
 # separate profile since this needs to write into /home

apparmor.d/profiles-m-z/usr.sbin.libvirtd

@@ -136,6 +136,5 @@ profile libvirtd /usr/sbin/libvirtd flags=(attach_disconnected) {
    /usr/{lib,lib64,lib/qemu,libexec}/qemu-bridge-helper rmix,
   }
 
-  # Site-specific additions and overrides. See local/README for details.
-  #include <local/usr.sbin.libvirtd>
+  include if exists <local/usr.sbin.libvirtd>
 }