disable downgrade and not enforced rule messages by default
Currently the apparmor parser warns about rules that are not enforced or downgraded. This is a problem for distros that are not carrying the out-of-tree kernel patches, as most profile loads result in warnings. Change the behavior to not output a message unless a warn flag is passed. This patch adds two different warn flags: `--warn rule-downgraded` (warn if a rule is downgraded) and `--warn rule-not-enforced` (warn if a rule is not enforced at all). If the warnings are desired by default, the flags can be set in the parser.conf file. v2 of patch - update man page - add --warn to usage statement - make --quiet clear warn flags Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org>
@@ -176,7 +176,8 @@ static void warn_once(const char *name, const char *msg)
|
||||
|
||||
static void warn_once(const char *name)
|
||||
{
|
||||
warn_once(name, "extended network unix socket rules not enforced");
|
||||
if (warnflags & WARN_RULE_NOT_ENFORCED)
|
||||
warn_once(name, "extended network unix socket rules not enforced");
|
||||
}
|
||||
|
||||
static void writeu16(std::ostringstream &o, int v)
|
||||
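Review bot: The one-argument `warn_once` overload at the top of this hunk now returns silently unless `warnflags & WARN_RULE_NOT_ENFORCED` is set, but nothing at a call site distinguishes it from the two-argument overload, which still prints unconditionally, so a reader has to open the definition to learn that this warning is opt-in. A comment on the wrapper would make that explicit: `/* Opt-in via --warn rule-not-enforced: the extended unix socket rule is not enforced either way; only the message is gated. */`. Since the gating is the whole point of the wrapper, a name such as `warn_not_enforced(name)` would read better than a second overload, though that is a style choice. The two-argument overload's body and the declaration of `warnflags` are outside the hunk.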
@@ -321,7 +322,8 @@ int unix_rule::gen_policy_re(Profile &prof)
|
||||
if (kernel_supports_network) {
|
||||
/* only warn if we are building against a kernel
|
||||
* that requires downgrading */
|
||||
warn_once(prof.name, "downgrading extended network unix socket rule to generic network rule\n");
|
||||
if (warnflags & WARN_RULE_DOWNGRADED)
|
||||
warn_once(prof.name, "downgrading extended network unix socket rule to generic network rule\n");
|
||||
/* TODO: add ability to abort instead of downgrade */
|
||||
return RULE_OK;
|
||||
}
|
||||
|
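Review bot: The comment at the top of the `kernel_supports_network` branch, `only warn if we are building against a kernel that requires downgrading`, no longer describes the condition: the message is additionally gated on `warnflags & WARN_RULE_DOWNGRADED`, so by default the extended unix socket rule is rewritten into a generic network rule with no output at all. Since the generic rule is presumably less specific than the extended rule it replaces, that silent rewrite is the security-relevant part of this branch and deserves to be stated next to the TODO; I would change the comment to `/* The kernel cannot enforce the extended rule, so it is replaced by a (presumably broader) generic network rule. Warn only when --warn rule-downgraded is set; see TODO below for aborting instead. */`. `unix_rule::gen_policy_re` starts and ends outside the hunk.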