The following document is a spec for apparmor 5 config and policy layout. See xxx for information about apparmor 4 and earlier layout.
configuration file location layout.
default location
/etc/apparmor/
global files
/etc/apparmor/<configuration file>
e.g.
/etc/apparmor/parser.conf
policy configuration directory
The policy configuration directory allows multiple policy locations to be specified. For each policy location, local configuration overrides can be specified that override the default and global config options.
proposed locations, choose one
/etc/apparmor/conf.d/
/etc/apparmor/config.d/
/etc/apparmor/policy.d/
/etc/apparmor/layout.d/
Todo: figure out whether we have a subdir per policy location or just a file.
configuration file format
global
Use/support existing configs; maybe also support whatever is used for per-policy configs if it is different.
per policy configs
Todo: figure out the format used by the configuration files.
config options
- profiles - where this policy's profiles are stored
- cache - where this policy's cache is stored, can be used to disable cache as well
- includes - where the includes are for the policy (can be shared between policy locations)
  - abstractions? - where the abstractions are (can be shared between policy locations)
  - tunables? - where the tunables are stored
- overlay - ??? separate from profiles, or maybe just a list of paths in profiles, like the $PATH env var
- priority - ??? priority vs. loading of other profile locations. This is used to order independent policy locations; it is effectively an overlay.
- managed - does apparmor manage this policy or an external entity
- r/w? - whether this location is writable; for overlays, this determines where things can be written.
- compiler config options -
- genprof/logprof options -
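As an added illustration of the priority/overlay, managed and r/w semantics sketched in the options above (this is example code, not apparmor's own; the class and function names, the sample locations and the profile names are assumptions made for the example):

```python
from dataclasses import dataclass, field

# Hypothetical model of the per-location options listed above (priority,
# managed, r/w). Names are assumptions for this example, not apparmor's own.
@dataclass
class PolicyLocation:
    name: str        # constructed label, e.g. "distro" or "local"
    priority: int    # higher wins when two locations ship the same profile
    managed: bool    # True: apparmor manages it; False: an external entity does
    writable: bool   # the r/w flag: may tools write profiles here?
    profiles: dict = field(default_factory=dict)  # profile name -> profile text

def ordered(locations):
    """Overlay order: highest priority first; ties keep configuration order."""
    return sorted(locations, key=lambda loc: -loc.priority)

def resolve_profile(locations, name):
    """First match in overlay order, like a command lookup along $PATH.
    Returns (location name, profile text), or None if nothing ships it."""
    for loc in ordered(locations):
        if name in loc.profiles:
            return loc.name, loc.profiles[name]
    return None

def writable_location(locations):
    """Where a local override goes: the highest-priority location that
    apparmor manages and that is marked writable."""
    for loc in ordered(locations):
        if loc.managed and loc.writable:
            return loc
    raise ValueError("no managed, writable policy location configured")

def local_override(locations, name, text):
    """Write an overriding copy of a profile into the writable overlay;
    returns the name of the location it landed in."""
    loc = writable_location(locations)
    loc.profiles[name] = text
    return loc.name

def sample_layout():
    """Constructed sample: a read-only, externally managed distro location
    and a higher-priority local overlay. Profile names are made up."""
    distro = PolicyLocation("distro", priority=10, managed=False, writable=False,
                            profiles={"usr.sbin.foo": "distro version",
                                      "usr.bin.bar": "distro version"})
    local = PolicyLocation("local", priority=100, managed=True, writable=True,
                           profiles={"usr.sbin.foo": "local override"})
    return [distro, local]
```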
profile layout
How are profiles laid out so the layout is sane/admin-friendly when there are 1600+ profiles?
cache layout
Link to cache layout doc. Update the doc to use the kernel as part of the subdir name to make it more human-friendly.