# AppArmor aa-genprof fails to find include file

## hadadat

Hello, 

I've recently setup AppArmor. I'm trying to use the tool aa-genprof to generate some new profiles. Whenever I run the command I get an error about an Include file missing 

```

# aa-genprof /usr/bin/evince

ERROR: Include file /etc/apparmor.d/local/usr.sbin.sshd not found

```

I emerged apparmor-profiles, libapparmor and apparmor utils. Am I missing something else?

----------

## hadadat

I realized every file under /etc/apparmor.d/local is just comments

```

# cat /etc/apparmor.d/local/*

# Site-specific additions and overrides for 'bin.ping'

# This directory is intended to contain profile additions and overrides for

# inclusion by distributed profiles to aid in packaging AppArmor for

# distributions.

#

# The shipped profiles in /etc/apparmor.d can still be modified by an

# administrator and people should modify the shipped profile when making

# large policy changes, rather than trying to make those adjustments here.

#

# For simple access additions or the occasional deny override, adjusting them

# here can prevent the package manager of the distribution from interfering

# with local modifications. As always, new policy should be reviewed to ensure

# it is appropriate for your site.

#

# For example, if the shipped /etc/apparmor.d/usr.sbin.smbd profile has:

#   #include <local/usr.sbin.smbd>

#

# then an administrator can adjust /etc/apparmor.d/local/usr.sbin.smbd to

# contain any additional paths to be allowed, such as:

#

#   /var/exports/** lrwk,

#

# Keep in mind that 'deny' rules are evaluated after allow rules, so you won't

# be able to allow access to files that are explicitly denied by the shipped

# profile using this mechanism.

# Site-specific additions and overrides for 'sbin.klogd'

# Site-specific additions and overrides for 'sbin.syslogd'

# Site-specific additions and overrides for 'sbin.syslog-ng'

# Site-specific additions and overrides for 'usr.lib.apache2.mpm-prefork.apache2'

# Site-specific additions and overrides for 'usr.lib.dovecot.anvil'

# Site-specific additions and overrides for 'usr.lib.dovecot.auth'

# Site-specific additions and overrides for 'usr.lib.dovecot.config'

# Site-specific additions and overrides for 'usr.lib.dovecot.deliver'

# Site-specific additions and overrides for 'usr.lib.dovecot.dict'

# Site-specific additions and overrides for 'usr.lib.dovecot.dovecot-auth'

# Site-specific additions and overrides for 'usr.lib.dovecot.dovecot-lda'

# Site-specific additions and overrides for 'usr.lib.dovecot.imap'

# Site-specific additions and overrides for 'usr.lib.dovecot.imap-login'

# Site-specific additions and overrides for 'usr.lib.dovecot.lmtp'

# Site-specific additions and overrides for 'usr.lib.dovecot.log'

# Site-specific additions and overrides for 'usr.lib.dovecot.managesieve'

# Site-specific additions and overrides for 'usr.lib.dovecot.managesieve-login'

# Site-specific additions and overrides for 'usr.lib.dovecot.pop3'

# Site-specific additions and overrides for 'usr.lib.dovecot.pop3-login'

# Site-specific additions and overrides for 'usr.lib.dovecot.ssl-params'

# Site-specific additions and overrides for 'usr.sbin.apache2'

# Site-specific additions and overrides for 'usr.sbin.avahi-daemon'

# Site-specific additions and overrides for 'usr.sbin.dnsmasq'

# Site-specific additions and overrides for 'usr.sbin.dovecot'

# Site-specific additions and overrides for 'usr.sbin.identd'

# Site-specific additions and overrides for 'usr.sbin.mdnsd'

# Site-specific additions and overrides for 'usr.sbin.nmbd'

# Site-specific additions and overrides for 'usr.sbin.nscd'

# Site-specific additions and overrides for 'usr.sbin.ntpd'

# Site-specific additions and overrides for 'usr.sbin.smbd'

# Site-specific additions and overrides for 'usr.sbin.smbldap-useradd'

# Site-specific additions and overrides for 'usr.sbin.traceroute'

# Site-specific additions and overrides for 'usr.sbin.winbindd'

```

I figure having an empty file named /etc/apparmor.d/local/usr.sbin.sshd is all it wants. 

After creating the file aa-genprof no longer fails with error. 

If someone knows if this file isn't supposed to be empty please let me know.

----------

