OK, I have read a little bit :-)
Now I understand better the difference between enforce (for production) and complain (for testing/setup) modes and that they are mutually exclusive. man aa-genprof seems to indicate that the complain mode is set only during the generation of the profile: when aa-genprof exits the profile is in enforce mode. man -s7 apparmor seems to indicate (DEBUGGING section) that for the DENY messages to appear, you have to "Turn off deny audit quieting" and for the ALLOW messages to appear you have to "Force audit mode" Good luck :-)
