From 9aa5e3f3884cb2c3a5741592e51a822c5f9e6217 Mon Sep 17 00:00:00 2001
From: Christian Boltz <apparmor@cboltz.de>
Date: Tue, 9 Jun 2020 23:28:41 +0200
Subject: [PATCH 1/3] Change `#include` to `include` in abstractions and
 tunables

---
 profiles/apparmor.d/abstractions/X            |  2 +-
 .../apparmor.d/abstractions/apache2-common    |  2 +-
 .../abstractions/apparmor_api/change_profile  |  2 +-
 .../abstractions/apparmor_api/is_enabled      |  2 +-
 .../apparmor.d/abstractions/authentication    | 12 +++----
 profiles/apparmor.d/abstractions/dbus         |  2 +-
 .../abstractions/dbus-accessibility           |  2 +-
 profiles/apparmor.d/abstractions/dbus-session |  2 +-
 profiles/apparmor.d/abstractions/enchant      |  2 +-
 profiles/apparmor.d/abstractions/exo-open     | 20 +++++------
 profiles/apparmor.d/abstractions/fcitx        |  2 +-
 profiles/apparmor.d/abstractions/fcitx-strict |  2 +-
 profiles/apparmor.d/abstractions/gio-open     | 12 +++----
 profiles/apparmor.d/abstractions/gnome        | 14 ++++----
 profiles/apparmor.d/abstractions/gvfs-open    | 12 +++----
 profiles/apparmor.d/abstractions/kde          | 14 ++++----
 profiles/apparmor.d/abstractions/kde-open5    | 36 +++++++++----------
 profiles/apparmor.d/abstractions/ldapclient   |  2 +-
 .../apparmor.d/abstractions/libpam-systemd    |  2 +-
 profiles/apparmor.d/abstractions/nameservice  | 14 ++++----
 profiles/apparmor.d/abstractions/opencl       |  8 ++---
 profiles/apparmor.d/abstractions/opencl-intel |  6 ++--
 profiles/apparmor.d/abstractions/opencl-mesa  |  2 +-
 .../apparmor.d/abstractions/opencl-nvidia     |  4 +--
 profiles/apparmor.d/abstractions/opencl-pocl  |  6 ++--
 profiles/apparmor.d/abstractions/php5         |  2 +-
 .../abstractions/private-files-strict         |  2 +-
 .../abstractions/ubuntu-bittorrent-clients    |  4 +--
 .../apparmor.d/abstractions/ubuntu-browsers   |  4 +--
 .../abstractions/ubuntu-browsers.d/java       | 32 ++++++++---------
 .../abstractions/ubuntu-browsers.d/kde        |  6 ++--
 .../abstractions/ubuntu-browsers.d/mailto     |  6 ++--
 .../abstractions/ubuntu-browsers.d/multimedia | 14 ++++----
 .../ubuntu-browsers.d/plugins-common          |  2 +-
 .../ubuntu-browsers.d/productivity            |  4 +--
 .../ubuntu-browsers.d/text-editors            |  4 +--
 .../ubuntu-browsers.d/ubuntu-integration      |  4 +--
 .../ubuntu-browsers.d/ubuntu-integration-xul  |  2 +-
 .../abstractions/ubuntu-browsers.d/user-files |  2 +-
 .../abstractions/ubuntu-console-browsers      |  6 ++--
 .../abstractions/ubuntu-console-email         |  6 ++--
 profiles/apparmor.d/abstractions/ubuntu-email |  4 +--
 .../abstractions/ubuntu-feed-readers          |  4 +--
 .../abstractions/ubuntu-gnome-terminal        |  2 +-
 .../apparmor.d/abstractions/ubuntu-helpers    | 10 +++---
 .../apparmor.d/abstractions/ubuntu-konsole    |  4 +--
 .../abstractions/ubuntu-media-players         |  4 +--
 .../abstractions/ubuntu-unity7-base           |  6 ++--
 profiles/apparmor.d/abstractions/ubuntu-xterm |  2 +-
 profiles/apparmor.d/abstractions/xdg-open     | 20 +++++------
 profiles/apparmor.d/tunables/apparmorfs       |  2 +-
 profiles/apparmor.d/tunables/global           | 16 ++++-----
 profiles/apparmor.d/tunables/home             |  2 +-
 profiles/apparmor.d/tunables/multiarch        |  2 +-
 profiles/apparmor.d/tunables/xdg-user-dirs    |  2 +-
 55 files changed, 182 insertions(+), 182 deletions(-)

diff --git a/profiles/apparmor.d/abstractions/X b/profiles/apparmor.d/abstractions/X
index 50f0e983f..0a08f03df 100644
--- a/profiles/apparmor.d/abstractions/X
+++ b/profiles/apparmor.d/abstractions/X
@@ -12,7 +12,7 @@
 
   abi <abi/3.0>,
 
-  #include <abstractions/dri-common>
+  include <abstractions/dri-common>
 
 
   # .ICEauthority files required for X authentication, per user
diff --git a/profiles/apparmor.d/abstractions/apache2-common b/profiles/apparmor.d/abstractions/apache2-common
index be63d489e..d3f922493 100644
--- a/profiles/apparmor.d/abstractions/apache2-common
+++ b/profiles/apparmor.d/abstractions/apache2-common
@@ -4,7 +4,7 @@
 
   abi <abi/3.0>,
 
-  #include <abstractions/nameservice>
+  include <abstractions/nameservice>
 
   # Allow unconfined processes to send us signals by default
   signal (receive) peer=unconfined,
diff --git a/profiles/apparmor.d/abstractions/apparmor_api/change_profile b/profiles/apparmor.d/abstractions/apparmor_api/change_profile
index 72a2f1ce5..30f05fe4b 100644
--- a/profiles/apparmor.d/abstractions/apparmor_api/change_profile
+++ b/profiles/apparmor.d/abstractions/apparmor_api/change_profile
@@ -8,6 +8,6 @@
 
 abi <abi/3.0>,
 
-#include <abstractions/apparmor_api/introspect>
+include <abstractions/apparmor_api/introspect>
 
 @{PROC}/@{tid}/attr/{current,exec} w,
diff --git a/profiles/apparmor.d/abstractions/apparmor_api/is_enabled b/profiles/apparmor.d/abstractions/apparmor_api/is_enabled
index 5ff168903..56b1afd12 100644
--- a/profiles/apparmor.d/abstractions/apparmor_api/is_enabled
+++ b/profiles/apparmor.d/abstractions/apparmor_api/is_enabled
@@ -13,7 +13,7 @@ abi <abi/3.0>,
 # Make sure to include tunables/apparmorfs and tunables/global
 # when using this abstraction
 
-#include <abstractions/apparmor_api/find_mountpoint>
+include <abstractions/apparmor_api/find_mountpoint>
 @{sys}/module/apparmor/parameters/enabled r,
 
 # TODO: add alternate apparmorfs interface for enabled
diff --git a/profiles/apparmor.d/abstractions/authentication b/profiles/apparmor.d/abstractions/authentication
index 3963df78f..2612bd584 100644
--- a/profiles/apparmor.d/abstractions/authentication
+++ b/profiles/apparmor.d/abstractions/authentication
@@ -32,25 +32,25 @@
   /{usr/,}lib/@{multiarch}/security/              r,
 
   # kerberos
-  #include <abstractions/kerberosclient>
+  include <abstractions/kerberosclient>
   # SuSE's pwdutils are different:
   /{usr/,}etc/default/passwd         r,
   /{usr/,}etc/login.defs             r,
 
   # nis
-  #include <abstractions/nis>
+  include <abstractions/nis>
 
   # winbind
-  #include <abstractions/winbind>
+  include <abstractions/winbind>
 
   # likewise
-  #include <abstractions/likewise>
+  include <abstractions/likewise>
 
   # smbpass
-  #include <abstractions/smbpass>
+  include <abstractions/smbpass>
 
   # p11-kit (PKCS#11 modules configuration)
-  #include <abstractions/p11-kit>
+  include <abstractions/p11-kit>
 
   # Include additions to the abstraction
   include if exists <abstractions/authentication.d>
diff --git a/profiles/apparmor.d/abstractions/dbus b/profiles/apparmor.d/abstractions/dbus
index 794c6172c..b96ca09ac 100644
--- a/profiles/apparmor.d/abstractions/dbus
+++ b/profiles/apparmor.d/abstractions/dbus
@@ -14,7 +14,7 @@
   # This abstraction grants full system bus access. Consider using the
   # dbus-strict abstraction for fine-grained bus mediation.
 
-  #include <abstractions/dbus-strict>
+  include <abstractions/dbus-strict>
   dbus bus=system,
 
   # Include additions to the abstraction
diff --git a/profiles/apparmor.d/abstractions/dbus-accessibility b/profiles/apparmor.d/abstractions/dbus-accessibility
index 6de4be3a4..3c49a32ff 100644
--- a/profiles/apparmor.d/abstractions/dbus-accessibility
+++ b/profiles/apparmor.d/abstractions/dbus-accessibility
@@ -14,7 +14,7 @@
   # This abstraction grants full accessibility bus access. Consider using the
   # dbus-accessibility-strict abstraction for fine-grained bus mediation.
 
-  #include <abstractions/dbus-accessibility-strict>
+  include <abstractions/dbus-accessibility-strict>
   dbus bus=accessibility,
 
   # Include additions to the abstraction
diff --git a/profiles/apparmor.d/abstractions/dbus-session b/profiles/apparmor.d/abstractions/dbus-session
index 5bfe55a02..9b8b979e7 100644
--- a/profiles/apparmor.d/abstractions/dbus-session
+++ b/profiles/apparmor.d/abstractions/dbus-session
@@ -14,7 +14,7 @@
   # This abstraction grants full session bus access. Consider using the
   # dbus-session-strict abstraction for fine-grained bus mediation.
 
-  #include <abstractions/dbus-session-strict>
+  include <abstractions/dbus-session-strict>
   /usr/bin/dbus-launch ix,
   dbus bus=session,
 
diff --git a/profiles/apparmor.d/abstractions/enchant b/profiles/apparmor.d/abstractions/enchant
index 1ddd51bd2..190ba4283 100644
--- a/profiles/apparmor.d/abstractions/enchant
+++ b/profiles/apparmor.d/abstractions/enchant
@@ -17,7 +17,7 @@
   /usr/share/enchant/enchant.ordering              r,
 
   # aspell
-  #include <abstractions/aspell>
+  include <abstractions/aspell>
   /var/lib/dictionaries-common/aspell/             r,
   /var/lib/dictionaries-common/aspell/*            r,
 
diff --git a/profiles/apparmor.d/abstractions/exo-open b/profiles/apparmor.d/abstractions/exo-open
index b9318b1bc..5717e4d79 100644
--- a/profiles/apparmor.d/abstractions/exo-open
+++ b/profiles/apparmor.d/abstractions/exo-open
@@ -20,27 +20,27 @@
 #
 # # out-of-line child profile
 # profile foo//exo-open {
-#   #include <abstractions/exo-open>
+#   include <abstractions/exo-open>
 #
 #   # needed for ubuntu-* abstractions
-#   #include <abstractions/ubuntu-helpers>
+#   include <abstractions/ubuntu-helpers>
 #
 #   # Only allow to handle http[s]: and mailto: links
-#   #include <abstractions/ubuntu-browsers>
-#   #include <abstractions/ubuntu-email>
+#   include <abstractions/ubuntu-browsers>
+#   include <abstractions/ubuntu-email>
 #
 #   # Add if accesibility access is considered as required
 #   # (for message boxe in case exo-open fails)
-#   #include <abstractions/dbus-accessibility>
+#   include <abstractions/dbus-accessibility>
 #
 #   # < add additional allowed applications here >
 # }
 
-  #include <abstractions/X>
-  #include <abstractions/audio> # for alert messages
-  #include <abstractions/base>
-  #include <abstractions/dbus-session-strict>
-  #include <abstractions/gnome>
+  include <abstractions/X>
+  include <abstractions/audio> # for alert messages
+  include <abstractions/base>
+  include <abstractions/dbus-session-strict>
+  include <abstractions/gnome>
 
   # Main executables
 
diff --git a/profiles/apparmor.d/abstractions/fcitx b/profiles/apparmor.d/abstractions/fcitx
index 8911cfa0a..9321bfcd2 100644
--- a/profiles/apparmor.d/abstractions/fcitx
+++ b/profiles/apparmor.d/abstractions/fcitx
@@ -11,7 +11,7 @@
 
   abi <abi/3.0>,
 
-  #include <abstractions/fcitx-strict>
+  include <abstractions/fcitx-strict>
   dbus bus=fcitx,
 
   # Include additions to the abstraction
diff --git a/profiles/apparmor.d/abstractions/fcitx-strict b/profiles/apparmor.d/abstractions/fcitx-strict
index 50a3ff775..19d2191df 100644
--- a/profiles/apparmor.d/abstractions/fcitx-strict
+++ b/profiles/apparmor.d/abstractions/fcitx-strict
@@ -11,7 +11,7 @@
 
   abi <abi/3.0>,
 
-  #include <abstractions/dbus-session-strict>
+  include <abstractions/dbus-session-strict>
 
   dbus send
       bus=fcitx
diff --git a/profiles/apparmor.d/abstractions/gio-open b/profiles/apparmor.d/abstractions/gio-open
index fcb50040c..fda1fb9e3 100644
--- a/profiles/apparmor.d/abstractions/gio-open
+++ b/profiles/apparmor.d/abstractions/gio-open
@@ -20,20 +20,20 @@
 #
 # # out-of-line child profile
 # profile foo//gio-open {
-#   #include <abstractions/gio-open>
+#   include <abstractions/gio-open>
 #
 #   # needed for ubuntu-* abstractions
-#   #include <abstractions/ubuntu-helpers>
+#   include <abstractions/ubuntu-helpers>
 #
 #   # Only allow to handle http[s]: and mailto: links
-#   #include <abstractions/ubuntu-browsers>
-#   #include <abstractions/ubuntu-email>
+#   include <abstractions/ubuntu-browsers>
+#   include <abstractions/ubuntu-email>
 #
 #   # < add additional allowed applications here >
 # }
 
-  #include <abstractions/base>
-  #include <abstractions/dbus-session-strict>
+  include <abstractions/base>
+  include <abstractions/dbus-session-strict>
 
   # Main executables
 
diff --git a/profiles/apparmor.d/abstractions/gnome b/profiles/apparmor.d/abstractions/gnome
index f7f1cbac7..6cafe7dce 100644
--- a/profiles/apparmor.d/abstractions/gnome
+++ b/profiles/apparmor.d/abstractions/gnome
@@ -12,13 +12,13 @@
 
   abi <abi/3.0>,
 
-#include <abstractions/base>
-#include <abstractions/fonts>
-#include <abstractions/X>
-#include <abstractions/freedesktop.org>
-#include <abstractions/xdg-desktop>
-#include <abstractions/user-tmp>
-#include <abstractions/wayland>
+  include <abstractions/base>
+  include <abstractions/fonts>
+  include <abstractions/X>
+  include <abstractions/freedesktop.org>
+  include <abstractions/xdg-desktop>
+  include <abstractions/user-tmp>
+  include <abstractions/wayland>
 
   # systemwide gtk defaults
   /etc/gnome/gtkrc*               r,
diff --git a/profiles/apparmor.d/abstractions/gvfs-open b/profiles/apparmor.d/abstractions/gvfs-open
index 8f86bf959..32653148a 100644
--- a/profiles/apparmor.d/abstractions/gvfs-open
+++ b/profiles/apparmor.d/abstractions/gvfs-open
@@ -20,23 +20,23 @@
 #
 # # out-of-line child profile
 # profile foo//gvfs-open {
-#   #include <abstractions/gvfs-open>
+#   include <abstractions/gvfs-open>
 #
 #   # needed for ubuntu-* abstractions
-#   #include <abstractions/ubuntu-helpers>
+#   include <abstractions/ubuntu-helpers>
 #
 #   # Only allow to handle http[s]: and mailto: links
-#   #include <abstractions/ubuntu-browsers>
-#   #include <abstractions/ubuntu-email>
+#   include <abstractions/ubuntu-browsers>
+#   include <abstractions/ubuntu-email>
 #
 #   # < add additional allowed applications here >
 # }
 # ```
 
-  #include <abstractions/base>
+  include <abstractions/base>
 
   # gvfs-open is deprecated, it launches gio open <uri>
-  #include <abstractions/gio-open>
+  include <abstractions/gio-open>
 
   # Main executables
 
diff --git a/profiles/apparmor.d/abstractions/kde b/profiles/apparmor.d/abstractions/kde
index 412a9bd8f..a8eb44f8e 100644
--- a/profiles/apparmor.d/abstractions/kde
+++ b/profiles/apparmor.d/abstractions/kde
@@ -11,13 +11,13 @@
 
 abi <abi/3.0>,
 
-#include <abstractions/base>
-#include <abstractions/fonts>
-#include <abstractions/X>
-#include <abstractions/freedesktop.org>
-#include <abstractions/xdg-desktop>
-#include <abstractions/user-tmp>
-#include <abstractions/qt5>
+include <abstractions/base>
+include <abstractions/fonts>
+include <abstractions/X>
+include <abstractions/freedesktop.org>
+include <abstractions/xdg-desktop>
+include <abstractions/user-tmp>
+include <abstractions/qt5>
 
 /etc/qt3/kstylerc r,
 /etc/qt3/qt_plugins_3.3rc r,
diff --git a/profiles/apparmor.d/abstractions/kde-open5 b/profiles/apparmor.d/abstractions/kde-open5
index 3e3b27467..5f4e0f753 100644
--- a/profiles/apparmor.d/abstractions/kde-open5
+++ b/profiles/apparmor.d/abstractions/kde-open5
@@ -20,18 +20,18 @@
 #
 # # out-of-line child profile
 # profile foo//kde-open5 {
-#   #include <abstractions/kde-open5>
+#   include <abstractions/kde-open5>
 #
 #   # needed for ubuntu-* abstractions
-#   #include <abstractions/ubuntu-helpers>
+#   include <abstractions/ubuntu-helpers>
 #
 #   # Only allow to handle http[s]: and mailto: links
-#   #include <abstractions/ubuntu-browsers>
-#   #include <abstractions/ubuntu-email>
+#   include <abstractions/ubuntu-browsers>
+#   include <abstractions/ubuntu-email>
 #
 #   # Add if accesibility access is considered as required
 #   # (for message boxe in case exo-open fails)
-#   #include <abstractions/dbus-accessibility>
+#   include <abstractions/dbus-accessibility>
 #
 #   # Add if audio support for message box is
 #   # considered as required.
@@ -41,19 +41,19 @@
 # }
 # ```
 
-  #include <abstractions/audio> # for alert messages
-  #include <abstractions/base>
-  #include <abstractions/dbus-accessibility-strict>
-  #include <abstractions/dbus-network-manager-strict>
-  #include <abstractions/dbus-session-strict>
-  #include <abstractions/dbus-strict>
-  #include <abstractions/kde-icon-cache-write>
-  #include <abstractions/kde>
-  #include <abstractions/nameservice> # for IceProcessMessages () from libICE.so (called by libQtCore.so)
-  #include <abstractions/openssl>
-  #include <abstractions/qt5>
-  #include <abstractions/recent-documents-write>
-  #include <abstractions/X>
+  include <abstractions/audio> # for alert messages
+  include <abstractions/base>
+  include <abstractions/dbus-accessibility-strict>
+  include <abstractions/dbus-network-manager-strict>
+  include <abstractions/dbus-session-strict>
+  include <abstractions/dbus-strict>
+  include <abstractions/kde-icon-cache-write>
+  include <abstractions/kde>
+  include <abstractions/nameservice> # for IceProcessMessages () from libICE.so (called by libQtCore.so)
+  include <abstractions/openssl>
+  include <abstractions/qt5>
+  include <abstractions/recent-documents-write>
+  include <abstractions/X>
 
   # Main executables
 
diff --git a/profiles/apparmor.d/abstractions/ldapclient b/profiles/apparmor.d/abstractions/ldapclient
index 81b5cc916..550963c43 100644
--- a/profiles/apparmor.d/abstractions/ldapclient
+++ b/profiles/apparmor.d/abstractions/ldapclient
@@ -23,7 +23,7 @@
   # local LDAP name service daemon
   @{run}/nslcd/socket  rw,
 
-  #include <abstractions/ssl_certs>
+  include <abstractions/ssl_certs>
 
   # Include additions to the abstraction
   include if exists <abstractions/ldapclient.d>
diff --git a/profiles/apparmor.d/abstractions/libpam-systemd b/profiles/apparmor.d/abstractions/libpam-systemd
index 124968298..b99765f98 100644
--- a/profiles/apparmor.d/abstractions/libpam-systemd
+++ b/profiles/apparmor.d/abstractions/libpam-systemd
@@ -11,7 +11,7 @@
 
   abi <abi/3.0>,
 
-#include <abstractions/dbus-strict>
+include <abstractions/dbus-strict>
 
   # libpam-systemd notifies systemd-logind about session logins/logouts
   dbus send
diff --git a/profiles/apparmor.d/abstractions/nameservice b/profiles/apparmor.d/abstractions/nameservice
index d7d670af2..41e477640 100644
--- a/profiles/apparmor.d/abstractions/nameservice
+++ b/profiles/apparmor.d/abstractions/nameservice
@@ -72,25 +72,25 @@
   /{usr/,}etc/libnl-*/classid r,
 
   # nis
-  #include <abstractions/nis>
+  include <abstractions/nis>
 
   # ldap
-  #include <abstractions/ldapclient>
+  include <abstractions/ldapclient>
 
   # winbind
-  #include <abstractions/winbind>
+  include <abstractions/winbind>
 
   # likewise
-  #include <abstractions/likewise>
+  include <abstractions/likewise>
 
   # mdnsd
-  #include <abstractions/mdns>
+  include <abstractions/mdns>
 
   # kerberos
-  #include <abstractions/kerberosclient>
+  include <abstractions/kerberosclient>
 
   #libnss-systemd
-  #include <abstractions/nss-systemd>
+  include <abstractions/nss-systemd>
 
   # Also allow lookups for systemd-exec's DynamicUsers via D-Bus
   #   https://www.freedesktop.org/software/systemd/man/systemd.exec.html
diff --git a/profiles/apparmor.d/abstractions/opencl b/profiles/apparmor.d/abstractions/opencl
index 0aad90ee5..58b353238 100644
--- a/profiles/apparmor.d/abstractions/opencl
+++ b/profiles/apparmor.d/abstractions/opencl
@@ -5,10 +5,10 @@
 # OpenCL access requirements
 
   # TODO: use conditionals to select allowed implementations
-  #include <abstractions/opencl-intel>
-  #include <abstractions/opencl-mesa>
-  #include <abstractions/opencl-nvidia>
-  #include <abstractions/opencl-pocl>
+  include <abstractions/opencl-intel>
+  include <abstractions/opencl-mesa>
+  include <abstractions/opencl-nvidia>
+  include <abstractions/opencl-pocl>
 
 
   # Include additions to the abstraction
diff --git a/profiles/apparmor.d/abstractions/opencl-intel b/profiles/apparmor.d/abstractions/opencl-intel
index bc2b6ce64..4d0472330 100644
--- a/profiles/apparmor.d/abstractions/opencl-intel
+++ b/profiles/apparmor.d/abstractions/opencl-intel
@@ -4,13 +4,13 @@
 
 # OpenCL access requirements for Intel implementation
 
-  #include <abstractions/opencl-common>
+  include <abstractions/opencl-common>
 
   # for libcl.so (libOpenCL.so -> beignet/libcl.so calls XOpenDisplay())
-  #include <abstractions/X>
+  include <abstractions/X>
 
   # for libOpenCL.so -> beignet/libcl.so -> libpciaccess.so
-  #include <abstractions/dri-enumerate>
+  include <abstractions/dri-enumerate>
 
   # System files
 
diff --git a/profiles/apparmor.d/abstractions/opencl-mesa b/profiles/apparmor.d/abstractions/opencl-mesa
index 70ecf4502..a5cada614 100644
--- a/profiles/apparmor.d/abstractions/opencl-mesa
+++ b/profiles/apparmor.d/abstractions/opencl-mesa
@@ -4,7 +4,7 @@
 
 # OpenCL access requirements for Mesa implementation
 
-  #include <abstractions/opencl-common>
+  include <abstractions/opencl-common>
 
   # Additional libraries
 
diff --git a/profiles/apparmor.d/abstractions/opencl-nvidia b/profiles/apparmor.d/abstractions/opencl-nvidia
index bc903b907..bbd432b14 100644
--- a/profiles/apparmor.d/abstractions/opencl-nvidia
+++ b/profiles/apparmor.d/abstractions/opencl-nvidia
@@ -4,8 +4,8 @@
 
 # OpenCL access requirements for NVIDIA implementation
 
-  #include <abstractions/nvidia>
-  #include <abstractions/opencl-common>
+  include <abstractions/nvidia>
+  include <abstractions/opencl-common>
 
   # Executables
 
diff --git a/profiles/apparmor.d/abstractions/opencl-pocl b/profiles/apparmor.d/abstractions/opencl-pocl
index ffe73380a..8b93b0dc3 100644
--- a/profiles/apparmor.d/abstractions/opencl-pocl
+++ b/profiles/apparmor.d/abstractions/opencl-pocl
@@ -3,7 +3,7 @@
 
   abi <abi/3.0>,
 
-  #include <abstractions/opencl-common>
+  include <abstractions/opencl-common>
 
   # Executables
 
@@ -43,7 +43,7 @@
   # Child profiles
 
   profile opencl_pocl_ld {
-    #include <abstractions/base>
+    include <abstractions/base>
 
     # Main executables
 
@@ -56,7 +56,7 @@
   }
 
   profile opencl_pocl_clang {
-    #include <abstractions/base>
+    include <abstractions/base>
 
     # Main executables
 
diff --git a/profiles/apparmor.d/abstractions/php5 b/profiles/apparmor.d/abstractions/php5
index ffda43157..25f8001e8 100644
--- a/profiles/apparmor.d/abstractions/php5
+++ b/profiles/apparmor.d/abstractions/php5
@@ -2,7 +2,7 @@
 
   abi <abi/3.0>,
 
-#include <abstractions/php>
+  include <abstractions/php>
 
   # Include additions to the abstraction
   include if exists <abstractions/php5.d>
diff --git a/profiles/apparmor.d/abstractions/private-files-strict b/profiles/apparmor.d/abstractions/private-files-strict
index c4a1318ee..f732bec89 100644
--- a/profiles/apparmor.d/abstractions/private-files-strict
+++ b/profiles/apparmor.d/abstractions/private-files-strict
@@ -4,7 +4,7 @@
 
   abi <abi/3.0>,
 
-  #include <abstractions/private-files>
+  include <abstractions/private-files>
 
   # potentially extremely sensitive files
   audit deny @{HOME}/.aws/{,**} mrwkl,
diff --git a/profiles/apparmor.d/abstractions/ubuntu-bittorrent-clients b/profiles/apparmor.d/abstractions/ubuntu-bittorrent-clients
index 131130fe3..0d929ad61 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-bittorrent-clients
+++ b/profiles/apparmor.d/abstractions/ubuntu-bittorrent-clients
@@ -2,9 +2,9 @@
 #
 # abstraction for allowing graphical bittorrent clients in Ubuntu
 #
-# Users of this abstraction need to #include the ubuntu-helpers abstraction
+# Users of this abstraction need to include the ubuntu-helpers abstraction
 # in the toplevel profile. Eg:
-# #include <abstractions/ubuntu-helpers>
+#   include <abstractions/ubuntu-helpers>
 
   abi <abi/3.0>,
 
diff --git a/profiles/apparmor.d/abstractions/ubuntu-browsers b/profiles/apparmor.d/abstractions/ubuntu-browsers
index da2996bd1..a0548f4be 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-browsers
+++ b/profiles/apparmor.d/abstractions/ubuntu-browsers
@@ -2,9 +2,9 @@
 #
 # abstraction for allowing access to graphical browsers in Ubuntu
 #
-# Users of this abstraction need to #include the ubuntu-helpers abstraction
+# Users of this abstraction need to include the ubuntu-helpers abstraction
 # in the toplevel profile. Eg:
-# #include <abstractions/ubuntu-helpers>
+#   include <abstractions/ubuntu-helpers>
 
   abi <abi/3.0>,
 
diff --git a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/java b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/java
index f36d0ba4a..507d62a0a 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/java
+++ b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/java
@@ -20,14 +20,14 @@
   # unfortunate workarounds of the proprietary Javas, so have a separate
   # profile.
   profile browser_openjdk {
-    #include <abstractions/base>
-    #include <abstractions/fonts>
-    #include <abstractions/gnome>
-    #include <abstractions/kde>
-    #include <abstractions/nameservice>
-    #include <abstractions/ssl_certs>
-    #include <abstractions/user-tmp>
-    #include <abstractions/private-files-strict>
+    include <abstractions/base>
+    include <abstractions/fonts>
+    include <abstractions/gnome>
+    include <abstractions/kde>
+    include <abstractions/nameservice>
+    include <abstractions/ssl_certs>
+    include <abstractions/user-tmp>
+    include <abstractions/private-files-strict>
 
     network inet stream,
     network inet6 stream,
@@ -65,14 +65,14 @@
   # Profile for commercial Javas. These need workarounds to work right (eg
   # Sun's forcing of an executable stack (LP: #535247)).
   profile browser_java {
-    #include <abstractions/base>
-    #include <abstractions/fonts>
-    #include <abstractions/gnome>
-    #include <abstractions/kde>
-    #include <abstractions/nameservice>
-    #include <abstractions/ssl_certs>
-    #include <abstractions/user-tmp>
-    #include <abstractions/private-files-strict>
+    include <abstractions/base>
+    include <abstractions/fonts>
+    include <abstractions/gnome>
+    include <abstractions/kde>
+    include <abstractions/nameservice>
+    include <abstractions/ssl_certs>
+    include <abstractions/user-tmp>
+    include <abstractions/private-files-strict>
 
     network inet stream,
     network inet6 stream,
diff --git a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/kde b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/kde
index ec97bf4ed..bdac331e3 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/kde
+++ b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/kde
@@ -1,9 +1,9 @@
 # vim:syntax=apparmor
-# Users of this abstraction need to #include the ubuntu-helpers abstraction
+# Users of this abstraction need to include the ubuntu-helpers abstraction
 # in the toplevel profile. Eg:
-# #include <abstractions/ubuntu-helpers>
+#   include <abstractions/ubuntu-helpers>
 
   abi <abi/3.0>,
 
-  #include <abstractions/kde>
+  include <abstractions/kde>
   /usr/bin/kde4-config Cx -> sanitized_helper,
diff --git a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/mailto b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/mailto
index bd8d97c1d..8d1570986 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/mailto
+++ b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/mailto
@@ -3,9 +3,9 @@
   abi <abi/3.0>,
 
   # for mailto:
-  #include <abstractions/ubuntu-email>
-  #include <abstractions/ubuntu-console-email>
+  include <abstractions/ubuntu-email>
+  include <abstractions/ubuntu-console-email>
 
   # Terminals for using console applications. These abstractions should ideally
   # have 'ix' to restrct access to what only firefox is allowed to do
-  #include <abstractions/ubuntu-gnome-terminal>
+  include <abstractions/ubuntu-gnome-terminal>
diff --git a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/multimedia b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/multimedia
index af7d7e970..f2eb23ef3 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/multimedia
+++ b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/multimedia
@@ -1,11 +1,11 @@
 # vim:syntax=apparmor
-# Users of this abstraction need to #include the ubuntu-helpers abstraction
+# Users of this abstraction need to include the ubuntu-helpers abstraction
 # in the toplevel profile. Eg:
-# #include <abstractions/ubuntu-helpers>
+#   include <abstractions/ubuntu-helpers>
 
   abi <abi/3.0>,
 
-  #include <abstractions/X>
+  include <abstractions/X>
 
   # Pulseaudio
   /usr/bin/pulseaudio Pixr,
@@ -17,7 +17,7 @@
   /usr/bin/digikam Cxr -> sanitized_helper,
   /usr/bin/gwenview Cxr -> sanitized_helper,
 
-  #include <abstractions/ubuntu-media-players>
+  include <abstractions/ubuntu-media-players>
   owner @{HOME}/.adobe/ w,
   owner @{HOME}/.adobe/** rw,
   owner @{HOME}/.macromedia/ w,
@@ -27,7 +27,7 @@
   /usr/bin/lpr Cxr -> sanitized_helper,
 
   # Bittorrent clients
-  #include <abstractions/ubuntu-bittorrent-clients>
+  include <abstractions/ubuntu-bittorrent-clients>
 
   # Archivers
   /usr/bin/ark Cxr -> sanitized_helper,
@@ -36,10 +36,10 @@
   /usr/local/lib{,32,64}/*.so* mr,
 
   # News feed readers
-  #include <abstractions/ubuntu-feed-readers>
+  include <abstractions/ubuntu-feed-readers>
 
   # If we allow the above, nvidia based systems will also need this
-  #include <abstractions/nvidia>
+  include <abstractions/nvidia>
 
   # Virus scanners
   /usr/bin/clamscan Cx -> sanitized_helper,
diff --git a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/plugins-common b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/plugins-common
index af04542bc..5d93b262e 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/plugins-common
+++ b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/plugins-common
@@ -15,4 +15,4 @@
 
   # Since all the ubuntu-browsers.d abstractions need this, just include it
   # here
-  #include <abstractions/ubuntu-helpers>
+  include <abstractions/ubuntu-helpers>
diff --git a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/productivity b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/productivity
index a6df71323..1fc67a84a 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/productivity
+++ b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/productivity
@@ -1,7 +1,7 @@
 # vim:syntax=apparmor
-# Users of this abstraction need to #include the ubuntu-helpers abstraction
+# Users of this abstraction need to include the ubuntu-helpers abstraction
 # in the toplevel profile. Eg:
-# #include <abstractions/ubuntu-helpers>
+#   include <abstractions/ubuntu-helpers>
 
   abi <abi/3.0>,
 
diff --git a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/text-editors b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/text-editors
index 246ac1ae2..e04c6b80b 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/text-editors
+++ b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/text-editors
@@ -1,7 +1,7 @@
 # vim:syntax=apparmor
-# Users of this abstraction need to #include the ubuntu-helpers abstraction
+# Users of this abstraction need to include the ubuntu-helpers abstraction
 # in the toplevel profile. Eg:
-# #include <abstractions/ubuntu-helpers>
+#   include <abstractions/ubuntu-helpers>
 
   abi <abi/3.0>,
 
diff --git a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/ubuntu-integration b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/ubuntu-integration
index c18aece17..d8fcdf1f1 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/ubuntu-integration
+++ b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/ubuntu-integration
@@ -1,7 +1,7 @@
 # vim:syntax=apparmor
-# Users of this abstraction need to #include the ubuntu-helpers abstraction
+# Users of this abstraction need to include the ubuntu-helpers abstraction
 # in the toplevel profile. Eg:
-# #include <abstractions/ubuntu-helpers>
+#   include <abstractions/ubuntu-helpers>
 
   abi <abi/3.0>,
 
diff --git a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/ubuntu-integration-xul b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/ubuntu-integration-xul
index 8e4c0dd89..c6a8eeddd 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/ubuntu-integration-xul
+++ b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/ubuntu-integration-xul
@@ -3,6 +3,6 @@
   abi <abi/3.0>,
 
   # firefox-notify
-  #include <abstractions/python>
+  include <abstractions/python>
   /usr/bin/python2.[4567] ix,
   /usr/share/xul-ext/notify/**/download_complete_notify.py ix,
diff --git a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/user-files b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/user-files
index cc31ddcc9..e2965f019 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/user-files
+++ b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/user-files
@@ -9,7 +9,7 @@
   owner @{HOME}/** w,
 
   # Do not allow read and/or write to particularly sensitive/problematic files
-  #include <abstractions/private-files>
+  include <abstractions/private-files>
   audit deny @{HOME}/.ssh/{,**} mrwkl,
   audit deny @{HOME}/.gnome2_private/{,**} mrwkl,
   audit deny @{HOME}/.kde{,4}/{,share/,share/apps/} w,
diff --git a/profiles/apparmor.d/abstractions/ubuntu-console-browsers b/profiles/apparmor.d/abstractions/ubuntu-console-browsers
index bf7f1d93d..8f6687ae1 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-console-browsers
+++ b/profiles/apparmor.d/abstractions/ubuntu-console-browsers
@@ -4,11 +4,11 @@
 # typically also need a terminal, so when using this abstraction, should also
 # do something like:
 #
-# #include <abstractions/ubuntu-gnome-terminal>
+# include <abstractions/ubuntu-gnome-terminal>
 #
-# Users of this abstraction need to #include the ubuntu-helpers abstraction
+# Users of this abstraction need to include the ubuntu-helpers abstraction
 # in the toplevel profile. Eg:
-# #include <abstractions/ubuntu-helpers>
+#   include <abstractions/ubuntu-helpers>
 
   abi <abi/3.0>,
 
diff --git a/profiles/apparmor.d/abstractions/ubuntu-console-email b/profiles/apparmor.d/abstractions/ubuntu-console-email
index 7ee39ebbf..ee741fdfd 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-console-email
+++ b/profiles/apparmor.d/abstractions/ubuntu-console-email
@@ -4,11 +4,11 @@
 # typically also need a terminal, so when using this abstraction, should also
 # do something like:
 #
-# #include <abstractions/ubuntu-gnome-terminal>
+# include <abstractions/ubuntu-gnome-terminal>
 #
-# Users of this abstraction need to #include the ubuntu-helpers abstraction
+# Users of this abstraction need to include the ubuntu-helpers abstraction
 # in the toplevel profile. Eg:
-# #include <abstractions/ubuntu-helpers>
+#   include <abstractions/ubuntu-helpers>
 
   abi <abi/3.0>,
 
diff --git a/profiles/apparmor.d/abstractions/ubuntu-email b/profiles/apparmor.d/abstractions/ubuntu-email
index 7491aa768..45f02eba2 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-email
+++ b/profiles/apparmor.d/abstractions/ubuntu-email
@@ -2,9 +2,9 @@
 #
 # abstraction for allowing graphical email clients in Ubuntu
 #
-# Users of this abstraction need to #include the ubuntu-helpers abstraction
+# Users of this abstraction need to include the ubuntu-helpers abstraction
 # in the toplevel profile. Eg:
-# #include <abstractions/ubuntu-helpers>
+#   include <abstractions/ubuntu-helpers>
 
   abi <abi/3.0>,
 
diff --git a/profiles/apparmor.d/abstractions/ubuntu-feed-readers b/profiles/apparmor.d/abstractions/ubuntu-feed-readers
index eecfa40a9..e8b89b1d3 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-feed-readers
+++ b/profiles/apparmor.d/abstractions/ubuntu-feed-readers
@@ -2,9 +2,9 @@
 #
 # abstraction for allowing graphical news feed readers in Ubuntu
 #
-# Users of this abstraction need to #include the ubuntu-helpers abstraction
+# Users of this abstraction need to include the ubuntu-helpers abstraction
 # in the toplevel profile. Eg:
-# #include <abstractions/ubuntu-helpers>
+#   include <abstractions/ubuntu-helpers>
 
   abi <abi/3.0>,
 
diff --git a/profiles/apparmor.d/abstractions/ubuntu-gnome-terminal b/profiles/apparmor.d/abstractions/ubuntu-gnome-terminal
index 5acbe809d..c6280b0ef 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-gnome-terminal
+++ b/profiles/apparmor.d/abstractions/ubuntu-gnome-terminal
@@ -5,7 +5,7 @@
 
   abi <abi/3.0>,
 
-  #include <abstractions/gnome>
+  include <abstractions/gnome>
 
   # do not use ux or PUx here. Use at a minimum ix
   /usr/bin/gnome-terminal ix,
diff --git a/profiles/apparmor.d/abstractions/ubuntu-helpers b/profiles/apparmor.d/abstractions/ubuntu-helpers
index 4c22aa8b8..101cd599f 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-helpers
+++ b/profiles/apparmor.d/abstractions/ubuntu-helpers
@@ -9,7 +9,7 @@
 #
 # Usage:
 # Because this abstraction defines the sanitized_helper profile, it must only
-# be #included once. Therefore this abstraction should typically not be
+# be included once. Therefore this abstraction should typically not be
 # included in other abstractions so as to avoid parser errors regarding
 # multiple definitions.
 #
@@ -34,16 +34,16 @@
   abi <abi/3.0>,
 
 profile sanitized_helper {
-  #include <abstractions/base>
-  #include <abstractions/X>
+  include <abstractions/base>
+  include <abstractions/X>
 
   # Allow all networking
   network inet,
   network inet6,
 
   # Allow all DBus communications
-  #include <abstractions/dbus-session-strict>
-  #include <abstractions/dbus-strict>
+  include <abstractions/dbus-session-strict>
+  include <abstractions/dbus-strict>
   dbus,
 
   # Needed for Google Chrome
diff --git a/profiles/apparmor.d/abstractions/ubuntu-konsole b/profiles/apparmor.d/abstractions/ubuntu-konsole
index 9f2d92426..4ece2bd37 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-konsole
+++ b/profiles/apparmor.d/abstractions/ubuntu-konsole
@@ -5,8 +5,8 @@
 
   abi <abi/3.0>,
 
-  #include <abstractions/consoles>
-  #include <abstractions/kde>
+  include <abstractions/consoles>
+  include <abstractions/kde>
   capability sys_ptrace,
   @{PROC}/@{pid}/status r,
   @{PROC}/@{pid}/stat r,
diff --git a/profiles/apparmor.d/abstractions/ubuntu-media-players b/profiles/apparmor.d/abstractions/ubuntu-media-players
index 88a623d5e..5fa48e75b 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-media-players
+++ b/profiles/apparmor.d/abstractions/ubuntu-media-players
@@ -2,9 +2,9 @@
 #
 # abstraction for allowing access to media players in Ubuntu
 #
-# Users of this abstraction need to #include the ubuntu-helpers abstraction
+# Users of this abstraction need to include the ubuntu-helpers abstraction
 # in the toplevel profile. Eg:
-# #include <abstractions/ubuntu-helpers>
+#   include <abstractions/ubuntu-helpers>
 
   abi <abi/3.0>,
 
diff --git a/profiles/apparmor.d/abstractions/ubuntu-unity7-base b/profiles/apparmor.d/abstractions/ubuntu-unity7-base
index 8f86e7762..6e207b287 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-unity7-base
+++ b/profiles/apparmor.d/abstractions/ubuntu-unity7-base
@@ -15,10 +15,10 @@
 # Rules common to applications running under Unity 7
 #
 
-#include <abstractions/gnome>
+include <abstractions/gnome>
 
-#include <abstractions/dbus-session-strict>
-#include <abstractions/dbus-strict>
+include <abstractions/dbus-session-strict>
+include <abstractions/dbus-strict>
 
   #
   # Access required for connecting to/communication with Unity HUD
diff --git a/profiles/apparmor.d/abstractions/ubuntu-xterm b/profiles/apparmor.d/abstractions/ubuntu-xterm
index 21487acea..07eacaba9 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-xterm
+++ b/profiles/apparmor.d/abstractions/ubuntu-xterm
@@ -5,7 +5,7 @@
 
   abi <abi/3.0>,
 
-  #include <abstractions/consoles>
+  include <abstractions/consoles>
   /dev/ptmx rw,
   /{,var/}run/utmp r,
   /etc/X11/app-defaults/XTerm r,
diff --git a/profiles/apparmor.d/abstractions/xdg-open b/profiles/apparmor.d/abstractions/xdg-open
index e12cf9f33..aed207104 100644
--- a/profiles/apparmor.d/abstractions/xdg-open
+++ b/profiles/apparmor.d/abstractions/xdg-open
@@ -18,40 +18,40 @@
 #
 # # out-of-line child profile
 # profile foo//xdg-open {
-#   #include <abstractions/xdg-open>
+#   include <abstractions/xdg-open>
 #
 #   # Enable a11y support if considered required by
 #   # profile author for (rare) error message boxes.
-#   #include <abstractions/dbus-accessibility>
+#   include <abstractions/dbus-accessibility>
 #
 #   # Enable gstreamer support if considered required by
 #   # profile author for (rare) error message boxes.
 #   include if exists <abstractions/gstreamer>
 #
 #   # needed for ubuntu-* abstractions
-#   #include <abstractions/ubuntu-helpers>
+#   include <abstractions/ubuntu-helpers>
 #
 #   # Only allow to handle http[s]: and mailto: links
-#   #include <abstractions/ubuntu-browsers>
-#   #include <abstractions/ubuntu-email>
+#   include <abstractions/ubuntu-browsers>
+#   include <abstractions/ubuntu-email>
 #
 #   # < add additional allowed applications here >
 # }
 # ```
 
-  #include <abstractions/base>
+  include <abstractions/base>
 
   # for openin with `exo-open`
-  #include <abstractions/exo-open>
+  include <abstractions/exo-open>
 
   # for opening with `gio open <uri>`
-  #include <abstractions/gio-open>
+  include <abstractions/gio-open>
 
   # for opening with gvfs-open (deprecated)
-  #include <abstractions/gvfs-open>
+  include <abstractions/gvfs-open>
 
   # for opening with kde-open5
-  #include <abstractions/kde-open5>
+  include <abstractions/kde-open5>
 
   # Main executables
 
diff --git a/profiles/apparmor.d/tunables/apparmorfs b/profiles/apparmor.d/tunables/apparmorfs
index 8df867592..2028097f5 100644
--- a/profiles/apparmor.d/tunables/apparmorfs
+++ b/profiles/apparmor.d/tunables/apparmorfs
@@ -6,6 +6,6 @@
 #
 # ------------------------------------------------------------------
 
-#include <tunables/securityfs>
+include <tunables/securityfs>
 
 @{apparmorfs}=@{securityfs}/apparmor/
diff --git a/profiles/apparmor.d/tunables/global b/profiles/apparmor.d/tunables/global
index 3b6f99cc7..1d0819a75 100644
--- a/profiles/apparmor.d/tunables/global
+++ b/profiles/apparmor.d/tunables/global
@@ -12,11 +12,11 @@
 # All the tunables definitions that should be available to every profile
 # should be included here
 
-#include <tunables/home>
-#include <tunables/multiarch>
-#include <tunables/proc>
-#include <tunables/alias>
-#include <tunables/kernelvars>
-#include <tunables/xdg-user-dirs>
-#include <tunables/share>
-#include <tunables/run>
+include <tunables/home>
+include <tunables/multiarch>
+include <tunables/proc>
+include <tunables/alias>
+include <tunables/kernelvars>
+include <tunables/xdg-user-dirs>
+include <tunables/share>
+include <tunables/run>
diff --git a/profiles/apparmor.d/tunables/home b/profiles/apparmor.d/tunables/home
index 550ccd5d7..4df34b55f 100644
--- a/profiles/apparmor.d/tunables/home
+++ b/profiles/apparmor.d/tunables/home
@@ -22,4 +22,4 @@
 
 # Also, include files in tunables/home.d for site-specific adjustments to
 # @{HOMEDIRS}.
-#include <tunables/home.d>
+include <tunables/home.d>
diff --git a/profiles/apparmor.d/tunables/multiarch b/profiles/apparmor.d/tunables/multiarch
index c54082e02..32fd1aa10 100644
--- a/profiles/apparmor.d/tunables/multiarch
+++ b/profiles/apparmor.d/tunables/multiarch
@@ -14,4 +14,4 @@
 
 # Also, include files in tunables/multiarch.d for site and packaging
 # specific adjustments to @{multiarch}.
-#include <tunables/multiarch.d>
+include <tunables/multiarch.d>
diff --git a/profiles/apparmor.d/tunables/xdg-user-dirs b/profiles/apparmor.d/tunables/xdg-user-dirs
index fcaf8d40d..9488f96a2 100644
--- a/profiles/apparmor.d/tunables/xdg-user-dirs
+++ b/profiles/apparmor.d/tunables/xdg-user-dirs
@@ -21,4 +21,4 @@
 
 # Also, include files in tunables/xdg-user-dirs.d for site-specific adjustments
 # to the various XDG directories
-#include <tunables/xdg-user-dirs.d>
+include <tunables/xdg-user-dirs.d>

From f0491d0d64dd8ab90a4c7f368027010ff794f71d Mon Sep 17 00:00:00 2001
From: Christian Boltz <apparmor@cboltz.de>
Date: Tue, 9 Jun 2020 23:30:24 +0200
Subject: [PATCH 2/3] Change `#include` to `include` in active profiles

---
 profiles/apparmor.d/apache2.d/phpsysinfo      | 10 +++++-----
 profiles/apparmor.d/bin.ping                  |  8 ++++----
 profiles/apparmor.d/local/README              |  2 +-
 profiles/apparmor.d/lsb_release               |  6 +++---
 profiles/apparmor.d/nvidia_modprobe           |  6 +++---
 profiles/apparmor.d/sbin.klogd                |  4 ++--
 profiles/apparmor.d/sbin.syslog-ng            | 14 ++++++-------
 profiles/apparmor.d/sbin.syslogd              |  8 ++++----
 .../usr.lib.apache2.mpm-prefork.apache2       | 14 ++++++-------
 profiles/apparmor.d/usr.lib.dovecot.anvil     |  6 +++---
 profiles/apparmor.d/usr.lib.dovecot.auth      | 16 +++++++--------
 profiles/apparmor.d/usr.lib.dovecot.config    | 10 +++++-----
 profiles/apparmor.d/usr.lib.dovecot.deliver   | 10 +++++-----
 profiles/apparmor.d/usr.lib.dovecot.dict      | 12 +++++------
 .../apparmor.d/usr.lib.dovecot.dovecot-auth   | 12 +++++------
 .../apparmor.d/usr.lib.dovecot.dovecot-lda    | 20 +++++++++----------
 profiles/apparmor.d/usr.lib.dovecot.imap      | 10 +++++-----
 .../apparmor.d/usr.lib.dovecot.imap-login     |  8 ++++----
 profiles/apparmor.d/usr.lib.dovecot.lmtp      | 16 +++++++--------
 profiles/apparmor.d/usr.lib.dovecot.log       |  6 +++---
 .../apparmor.d/usr.lib.dovecot.managesieve    |  8 ++++----
 .../usr.lib.dovecot.managesieve-login         |  8 ++++----
 profiles/apparmor.d/usr.lib.dovecot.pop3      | 10 +++++-----
 .../apparmor.d/usr.lib.dovecot.pop3-login     |  8 ++++----
 .../apparmor.d/usr.lib.dovecot.ssl-params     |  6 +++---
 profiles/apparmor.d/usr.lib.dovecot.stats     |  6 +++---
 profiles/apparmor.d/usr.sbin.apache2          | 16 +++++++--------
 profiles/apparmor.d/usr.sbin.avahi-daemon     | 10 +++++-----
 profiles/apparmor.d/usr.sbin.dnsmasq          | 10 +++++-----
 profiles/apparmor.d/usr.sbin.dovecot          | 16 +++++++--------
 profiles/apparmor.d/usr.sbin.identd           |  6 +++---
 profiles/apparmor.d/usr.sbin.mdnsd            |  8 ++++----
 profiles/apparmor.d/usr.sbin.nmbd             |  8 ++++----
 profiles/apparmor.d/usr.sbin.nscd             | 10 +++++-----
 profiles/apparmor.d/usr.sbin.ntpd             | 12 +++++------
 profiles/apparmor.d/usr.sbin.smbd             | 18 ++++++++---------
 profiles/apparmor.d/usr.sbin.smbldap-useradd  | 14 ++++++-------
 profiles/apparmor.d/usr.sbin.traceroute       |  8 ++++----
 profiles/apparmor.d/usr.sbin.winbindd         |  8 ++++----
 39 files changed, 194 insertions(+), 194 deletions(-)

diff --git a/profiles/apparmor.d/apache2.d/phpsysinfo b/profiles/apparmor.d/apache2.d/phpsysinfo
index d4238020f..afd1ff340 100644
--- a/profiles/apparmor.d/apache2.d/phpsysinfo
+++ b/profiles/apparmor.d/apache2.d/phpsysinfo
@@ -4,11 +4,11 @@
   abi <abi/3.0>,
 
   ^phpsysinfo {
-    #include <abstractions/apache2-common>
-    #include <abstractions/base>
-    #include <abstractions/nameservice>
-    #include <abstractions/php5>
-    #include <abstractions/python>
+    include <abstractions/apache2-common>
+    include <abstractions/base>
+    include <abstractions/nameservice>
+    include <abstractions/php5>
+    include <abstractions/python>
 
     /{,usr/}bin/dash ixr,
     /{,usr/}bin/df ixr,
diff --git a/profiles/apparmor.d/bin.ping b/profiles/apparmor.d/bin.ping
index 22b7398e5..149b802d6 100644
--- a/profiles/apparmor.d/bin.ping
+++ b/profiles/apparmor.d/bin.ping
@@ -11,11 +11,11 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 profile ping /{usr/,}bin/{,iputils-}ping {
-  #include <abstractions/base>
-  #include <abstractions/consoles>
-  #include <abstractions/nameservice>
+  include <abstractions/base>
+  include <abstractions/consoles>
+  include <abstractions/nameservice>
 
   capability net_raw,
   capability setuid,
diff --git a/profiles/apparmor.d/local/README b/profiles/apparmor.d/local/README
index a3cf2e49a..b2db5c186 100644
--- a/profiles/apparmor.d/local/README
+++ b/profiles/apparmor.d/local/README
@@ -12,7 +12,7 @@
 # it is appropriate for your site.
 #
 # For example, if the shipped /etc/apparmor.d/usr.sbin.smbd profile has:
-#   #include <local/usr.sbin.smbd>
+#   include <local/usr.sbin.smbd>
 #
 # then an administrator can adjust /etc/apparmor.d/local/usr.sbin.smbd to
 # contain any additional paths to be allowed, such as:
diff --git a/profiles/apparmor.d/lsb_release b/profiles/apparmor.d/lsb_release
index c7af9e3d9..33a1c71db 100644
--- a/profiles/apparmor.d/lsb_release
+++ b/profiles/apparmor.d/lsb_release
@@ -6,12 +6,12 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 # Do not attach to /usr/bin/lsb_release by default
 profile lsb_release {
-  #include <abstractions/base>
-  #include <abstractions/python>
+  include <abstractions/base>
+  include <abstractions/python>
 
   owner @{PROC}/@{pid}/fd/ r,
 
diff --git a/profiles/apparmor.d/nvidia_modprobe b/profiles/apparmor.d/nvidia_modprobe
index 89c7f0cf9..2ba5a4d9f 100644
--- a/profiles/apparmor.d/nvidia_modprobe
+++ b/profiles/apparmor.d/nvidia_modprobe
@@ -2,10 +2,10 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 profile nvidia_modprobe {
-  #include <abstractions/base>
+  include <abstractions/base>
 
   # Capabilities
 
@@ -35,7 +35,7 @@ profile nvidia_modprobe {
   # Child profiles
 
   profile kmod {
-    #include <abstractions/base>
+    include <abstractions/base>
 
     # Capabilities
 
diff --git a/profiles/apparmor.d/sbin.klogd b/profiles/apparmor.d/sbin.klogd
index 9aed96b60..cd0cfbb20 100644
--- a/profiles/apparmor.d/sbin.klogd
+++ b/profiles/apparmor.d/sbin.klogd
@@ -11,10 +11,10 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 profile klogd /{usr/,}{bin,sbin}/klogd {
-  #include <abstractions/base>
+  include <abstractions/base>
 
   capability sys_admin, # for backward compatibility with kernel <= 2.6.37
   capability syslog,
diff --git a/profiles/apparmor.d/sbin.syslog-ng b/profiles/apparmor.d/sbin.syslog-ng
index 6e8f6d97b..6f8a19fbd 100644
--- a/profiles/apparmor.d/sbin.syslog-ng
+++ b/profiles/apparmor.d/sbin.syslog-ng
@@ -12,18 +12,18 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 #define this to be where syslog-ng is chrooted
 @{CHROOT_BASE}=""
 
 profile syslog-ng /{usr/,}{bin,sbin}/syslog-ng {
-  #include <abstractions/base>
-  #include <abstractions/consoles>
-  #include <abstractions/nameservice>
-  #include <abstractions/mysql>
-  #include <abstractions/openssl>
-  #include <abstractions/python>
+  include <abstractions/base>
+  include <abstractions/consoles>
+  include <abstractions/nameservice>
+  include <abstractions/mysql>
+  include <abstractions/openssl>
+  include <abstractions/python>
 
   capability chown,
   capability dac_override,
diff --git a/profiles/apparmor.d/sbin.syslogd b/profiles/apparmor.d/sbin.syslogd
index 4e3f8c0f2..6963c8134 100644
--- a/profiles/apparmor.d/sbin.syslogd
+++ b/profiles/apparmor.d/sbin.syslogd
@@ -11,12 +11,12 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 profile syslogd /{usr/,}{bin,sbin}/syslogd {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
-  #include <abstractions/consoles>
+  include <abstractions/base>
+  include <abstractions/nameservice>
+  include <abstractions/consoles>
 
   capability sys_tty_config,
   capability dac_override,
diff --git a/profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2 b/profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2
index c0e929ed0..7126bdc76 100644
--- a/profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2
+++ b/profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2
@@ -2,7 +2,7 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 /usr/lib/apache2/mpm-prefork/apache2 {
 
   # This profile is completely permissive.
@@ -41,8 +41,8 @@ abi <abi/3.0>,
   #    </Directory>
   #
 
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
+  include <abstractions/base>
+  include <abstractions/nameservice>
 
   capability chown,
   capability kill,
@@ -56,8 +56,8 @@ abi <abi/3.0>,
 
 
   ^DEFAULT_URI {
-    #include <abstractions/base>
-    #include <abstractions/nameservice>
+    include <abstractions/base>
+    include <abstractions/nameservice>
 
     / rw,
     /** mrwlkix,
@@ -65,7 +65,7 @@ abi <abi/3.0>,
   }
 
   ^HANDLING_UNTRUSTED_INPUT {
-    #include <abstractions/nameservice>
+    include <abstractions/nameservice>
 
     / rw,
     /** mrwlkix,
@@ -75,7 +75,7 @@ abi <abi/3.0>,
   # This directory contains web application
   # package-specific apparmor files.
 
-  #include <apache2.d>
+  include <apache2.d>
 
   # Site-specific additions and overrides. See local/README for details.
   include if exists <local/usr.lib.apache2.mpm-prefork.apache2>
diff --git a/profiles/apparmor.d/usr.lib.dovecot.anvil b/profiles/apparmor.d/usr.lib.dovecot.anvil
index c6a0cecb2..e934380cf 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.anvil
+++ b/profiles/apparmor.d/usr.lib.dovecot.anvil
@@ -11,11 +11,11 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/lib/dovecot/anvil {
-  #include <abstractions/base>
-  #include <abstractions/dovecot-common>
+  include <abstractions/base>
+  include <abstractions/dovecot-common>
 
   capability setuid,
   capability sys_chroot,
diff --git a/profiles/apparmor.d/usr.lib.dovecot.auth b/profiles/apparmor.d/usr.lib.dovecot.auth
index 293f95087..76173bc3d 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.auth
+++ b/profiles/apparmor.d/usr.lib.dovecot.auth
@@ -12,16 +12,16 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/lib/dovecot/auth {
-  #include <abstractions/authentication>
-  #include <abstractions/base>
-  #include <abstractions/mysql>
-  #include <abstractions/nameservice>
-  #include <abstractions/openssl>
-  #include <abstractions/wutmp>
-  #include <abstractions/dovecot-common>
+  include <abstractions/authentication>
+  include <abstractions/base>
+  include <abstractions/mysql>
+  include <abstractions/nameservice>
+  include <abstractions/openssl>
+  include <abstractions/wutmp>
+  include <abstractions/dovecot-common>
 
   capability audit_write,
   capability dac_override,
diff --git a/profiles/apparmor.d/usr.lib.dovecot.config b/profiles/apparmor.d/usr.lib.dovecot.config
index ebe8d996a..4135fb8d8 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.config
+++ b/profiles/apparmor.d/usr.lib.dovecot.config
@@ -11,13 +11,13 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/lib/dovecot/config {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
-  #include <abstractions/dovecot-common>
-  #include <abstractions/ssl_keys>
+  include <abstractions/base>
+  include <abstractions/nameservice>
+  include <abstractions/dovecot-common>
+  include <abstractions/ssl_keys>
 
   capability dac_read_search,
   capability dac_override,
diff --git a/profiles/apparmor.d/usr.lib.dovecot.deliver b/profiles/apparmor.d/usr.lib.dovecot.deliver
index 3db5eadfe..bebc42873 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.deliver
+++ b/profiles/apparmor.d/usr.lib.dovecot.deliver
@@ -13,13 +13,13 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
-#include <tunables/dovecot>
+include <tunables/global>
+include <tunables/dovecot>
 
 /usr/lib/dovecot/deliver {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
-  #include <abstractions/dovecot-common>
+  include <abstractions/base>
+  include <abstractions/nameservice>
+  include <abstractions/dovecot-common>
 
   capability setuid,
 
diff --git a/profiles/apparmor.d/usr.lib.dovecot.dict b/profiles/apparmor.d/usr.lib.dovecot.dict
index eea381463..b05624caa 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.dict
+++ b/profiles/apparmor.d/usr.lib.dovecot.dict
@@ -11,14 +11,14 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/lib/dovecot/dict {
-  #include <abstractions/base>
-  #include <abstractions/mysql>
-  #include <abstractions/nameservice>
-  #include <abstractions/openssl>
-  #include <abstractions/dovecot-common>
+  include <abstractions/base>
+  include <abstractions/mysql>
+  include <abstractions/nameservice>
+  include <abstractions/openssl>
+  include <abstractions/dovecot-common>
 
   capability setuid,
 
diff --git a/profiles/apparmor.d/usr.lib.dovecot.dovecot-auth b/profiles/apparmor.d/usr.lib.dovecot.dovecot-auth
index 89eff259a..3371b7b04 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.dovecot-auth
+++ b/profiles/apparmor.d/usr.lib.dovecot.dovecot-auth
@@ -12,14 +12,14 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/lib/dovecot/dovecot-auth {
-  #include <abstractions/authentication>
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
-  #include <abstractions/wutmp>
-  #include <abstractions/dovecot-common>
+  include <abstractions/authentication>
+  include <abstractions/base>
+  include <abstractions/nameservice>
+  include <abstractions/wutmp>
+  include <abstractions/dovecot-common>
 
   capability chown,
   capability dac_override,
diff --git a/profiles/apparmor.d/usr.lib.dovecot.dovecot-lda b/profiles/apparmor.d/usr.lib.dovecot.dovecot-lda
index 5c35c5862..86d72b21f 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.dovecot-lda
+++ b/profiles/apparmor.d/usr.lib.dovecot.dovecot-lda
@@ -11,13 +11,13 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
-#include <tunables/dovecot>
+include <tunables/global>
+include <tunables/dovecot>
 
 /usr/lib/dovecot/dovecot-lda flags=(attach_disconnected) {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
-  #include <abstractions/dovecot-common>
+  include <abstractions/base>
+  include <abstractions/nameservice>
+  include <abstractions/dovecot-common>
 
   capability setuid,
 
@@ -43,11 +43,11 @@ abi <abi/3.0>,
     # this profile is based on the usr.sbin.sendmail profile in extras
     # and should support both postfix' and sendmail's sendmail binary
 
-    #include <abstractions/base>
-    #include <abstractions/consoles>
-    #include <abstractions/nameservice>
-    #include <abstractions/user-tmp>
-    #include <abstractions/postfix-common>
+    include <abstractions/base>
+    include <abstractions/consoles>
+    include <abstractions/nameservice>
+    include <abstractions/user-tmp>
+    include <abstractions/postfix-common>
 
     capability sys_ptrace,
 
diff --git a/profiles/apparmor.d/usr.lib.dovecot.imap b/profiles/apparmor.d/usr.lib.dovecot.imap
index 822861aef..420fc9964 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.imap
+++ b/profiles/apparmor.d/usr.lib.dovecot.imap
@@ -12,13 +12,13 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
-#include <tunables/dovecot>
+include <tunables/global>
+include <tunables/dovecot>
 
 /usr/lib/dovecot/imap {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
-  #include <abstractions/dovecot-common>
+  include <abstractions/base>
+  include <abstractions/nameservice>
+  include <abstractions/dovecot-common>
 
   capability setuid,
   deny capability block_suspend,
diff --git a/profiles/apparmor.d/usr.lib.dovecot.imap-login b/profiles/apparmor.d/usr.lib.dovecot.imap-login
index 41e3fd992..4592dfe13 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.imap-login
+++ b/profiles/apparmor.d/usr.lib.dovecot.imap-login
@@ -12,11 +12,11 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 /usr/lib/dovecot/imap-login {
-  #include <abstractions/base>
-  #include <abstractions/dovecot-common>
-  #include <abstractions/openssl>
+  include <abstractions/base>
+  include <abstractions/dovecot-common>
+  include <abstractions/openssl>
 
   capability setuid,
   capability sys_chroot,
diff --git a/profiles/apparmor.d/usr.lib.dovecot.lmtp b/profiles/apparmor.d/usr.lib.dovecot.lmtp
index 86131090d..d1278d634 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.lmtp
+++ b/profiles/apparmor.d/usr.lib.dovecot.lmtp
@@ -11,16 +11,16 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
-#include <tunables/dovecot>
+include <tunables/global>
+include <tunables/dovecot>
 
 /usr/lib/dovecot/lmtp {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
-  #include <abstractions/dovecot-common>
-  #include <abstractions/openssl>
-  #include <abstractions/ssl_certs>
-  #include <abstractions/ssl_keys>
+  include <abstractions/base>
+  include <abstractions/nameservice>
+  include <abstractions/dovecot-common>
+  include <abstractions/openssl>
+  include <abstractions/ssl_certs>
+  include <abstractions/ssl_keys>
 
   capability dac_override,
   capability dac_read_search,
diff --git a/profiles/apparmor.d/usr.lib.dovecot.log b/profiles/apparmor.d/usr.lib.dovecot.log
index eeb96313a..09b4021ae 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.log
+++ b/profiles/apparmor.d/usr.lib.dovecot.log
@@ -11,11 +11,11 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/lib/dovecot/log flags=(attach_disconnected) {
-  #include <abstractions/base>
-  #include <abstractions/dovecot-common>
+  include <abstractions/base>
+  include <abstractions/dovecot-common>
 
   /usr/lib/dovecot/log mr,
 
diff --git a/profiles/apparmor.d/usr.lib.dovecot.managesieve b/profiles/apparmor.d/usr.lib.dovecot.managesieve
index 82d409fe9..54899c38a 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.managesieve
+++ b/profiles/apparmor.d/usr.lib.dovecot.managesieve
@@ -12,12 +12,12 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
-#include <tunables/dovecot>
+include <tunables/global>
+include <tunables/dovecot>
 
 /usr/lib/dovecot/managesieve {
-  #include <abstractions/base>
-  #include <abstractions/dovecot-common>
+  include <abstractions/base>
+  include <abstractions/dovecot-common>
 
   capability setuid,
 
diff --git a/profiles/apparmor.d/usr.lib.dovecot.managesieve-login b/profiles/apparmor.d/usr.lib.dovecot.managesieve-login
index e5ab5fae8..020bbfc27 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.managesieve-login
+++ b/profiles/apparmor.d/usr.lib.dovecot.managesieve-login
@@ -14,11 +14,11 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 /usr/lib/dovecot/managesieve-login {
-  #include <abstractions/base>
-  #include <abstractions/dovecot-common>
-  #include <abstractions/openssl>
+  include <abstractions/base>
+  include <abstractions/dovecot-common>
+  include <abstractions/openssl>
 
   capability setuid,
   capability sys_chroot,
diff --git a/profiles/apparmor.d/usr.lib.dovecot.pop3 b/profiles/apparmor.d/usr.lib.dovecot.pop3
index a47c74b34..737a0c755 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.pop3
+++ b/profiles/apparmor.d/usr.lib.dovecot.pop3
@@ -12,13 +12,13 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
-#include <tunables/dovecot>
+include <tunables/global>
+include <tunables/dovecot>
 
 /usr/lib/dovecot/pop3 {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
-  #include <abstractions/dovecot-common>
+  include <abstractions/base>
+  include <abstractions/nameservice>
+  include <abstractions/dovecot-common>
 
   capability setuid,
 
diff --git a/profiles/apparmor.d/usr.lib.dovecot.pop3-login b/profiles/apparmor.d/usr.lib.dovecot.pop3-login
index 9eb58c26f..710b6e894 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.pop3-login
+++ b/profiles/apparmor.d/usr.lib.dovecot.pop3-login
@@ -12,11 +12,11 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 /usr/lib/dovecot/pop3-login {
-  #include <abstractions/base>
-  #include <abstractions/dovecot-common>
-  #include <abstractions/openssl>
+  include <abstractions/base>
+  include <abstractions/dovecot-common>
+  include <abstractions/openssl>
 
   capability setuid,
   capability sys_chroot,
diff --git a/profiles/apparmor.d/usr.lib.dovecot.ssl-params b/profiles/apparmor.d/usr.lib.dovecot.ssl-params
index 89609d303..8926d4d78 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.ssl-params
+++ b/profiles/apparmor.d/usr.lib.dovecot.ssl-params
@@ -11,11 +11,11 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/lib/dovecot/ssl-params {
-  #include <abstractions/base>
-  #include <abstractions/dovecot-common>
+  include <abstractions/base>
+  include <abstractions/dovecot-common>
 
   @{run}/dovecot/ssl-params rw,
   @{run}/dovecot/login/ssl-params rw,
diff --git a/profiles/apparmor.d/usr.lib.dovecot.stats b/profiles/apparmor.d/usr.lib.dovecot.stats
index e6ffb3583..63370bba4 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.stats
+++ b/profiles/apparmor.d/usr.lib.dovecot.stats
@@ -11,11 +11,11 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/lib/dovecot/stats {
-  #include <abstractions/base>
-  #include <abstractions/dovecot-common>
+  include <abstractions/base>
+  include <abstractions/dovecot-common>
 
   capability setuid,
   capability sys_chroot,
diff --git a/profiles/apparmor.d/usr.sbin.apache2 b/profiles/apparmor.d/usr.sbin.apache2
index 5df9b3906..6c9ae7b41 100644
--- a/profiles/apparmor.d/usr.sbin.apache2
+++ b/profiles/apparmor.d/usr.sbin.apache2
@@ -2,7 +2,7 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 profile apache2 /usr/{bin,sbin}/apache2 flags=(attach_disconnected) {
 
   # This profile is completely permissive.
@@ -28,7 +28,7 @@ profile apache2 /usr/{bin,sbin}/apache2 flags=(attach_disconnected) {
   #    the "apache2-common" abstraction:
   #
   #    ^example.com {
-  #        #include <abstractions/apache2-common>
+  #        include <abstractions/apache2-common>
   #        /var/www/html/             r,
   #        /var/www/html/**           r,
   #        /var/log/apache2/*.log     w,
@@ -69,8 +69,8 @@ profile apache2 /usr/{bin,sbin}/apache2 flags=(attach_disconnected) {
   #    </Location>
   #
 
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
+  include <abstractions/base>
+  include <abstractions/nameservice>
 
   # Send signals to all hats.
   signal (send) peer=@{profile_name}//*,
@@ -87,15 +87,15 @@ profile apache2 /usr/{bin,sbin}/apache2 flags=(attach_disconnected) {
 
 
   ^DEFAULT_URI flags=(attach_disconnected) {
-    #include <abstractions/base>
-    #include <abstractions/apache2-common>
+    include <abstractions/base>
+    include <abstractions/apache2-common>
 
     / rw,
     /** mrwlkix,
   }
 
   ^HANDLING_UNTRUSTED_INPUT flags=(attach_disconnected) {
-    #include <abstractions/apache2-common>
+    include <abstractions/apache2-common>
 
     / rw,
     /** mrwlkix,
@@ -104,7 +104,7 @@ profile apache2 /usr/{bin,sbin}/apache2 flags=(attach_disconnected) {
   # This directory contains web application
   # package-specific apparmor files.
 
-  #include <apache2.d>
+  include <apache2.d>
 
   # Site-specific additions and overrides. See local/README for details.
   include if exists <local/usr.sbin.apache2>
diff --git a/profiles/apparmor.d/usr.sbin.avahi-daemon b/profiles/apparmor.d/usr.sbin.avahi-daemon
index f26489a52..bccf48485 100644
--- a/profiles/apparmor.d/usr.sbin.avahi-daemon
+++ b/profiles/apparmor.d/usr.sbin.avahi-daemon
@@ -1,11 +1,11 @@
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 profile avahi-daemon /usr/{bin,sbin}/avahi-daemon {
-  #include <abstractions/base>
-  #include <abstractions/consoles>
-  #include <abstractions/dbus>
-  #include <abstractions/nameservice>
+  include <abstractions/base>
+  include <abstractions/consoles>
+  include <abstractions/dbus>
+  include <abstractions/nameservice>
 
   capability chown,
   capability dac_override,
diff --git a/profiles/apparmor.d/usr.sbin.dnsmasq b/profiles/apparmor.d/usr.sbin.dnsmasq
index 7c5b858c1..7ae9a1480 100644
--- a/profiles/apparmor.d/usr.sbin.dnsmasq
+++ b/profiles/apparmor.d/usr.sbin.dnsmasq
@@ -13,11 +13,11 @@ abi <abi/3.0>,
 
 @{TFTP_DIR}=/var/tftp /srv/tftp /srv/tftpboot
 
-#include <tunables/global>
+include <tunables/global>
 profile dnsmasq /usr/{bin,sbin}/dnsmasq flags=(attach_disconnected) {
-  #include <abstractions/base>
-  #include <abstractions/dbus>
-  #include <abstractions/nameservice>
+  include <abstractions/base>
+  include <abstractions/dbus>
+  include <abstractions/nameservice>
 
   capability chown,
   capability net_bind_service,
@@ -108,7 +108,7 @@ profile dnsmasq /usr/{bin,sbin}/dnsmasq flags=(attach_disconnected) {
   @{run}/NetworkManager/NetworkManager.pid w,
 
   profile libvirt_leaseshelper {
-    #include <abstractions/base>
+    include <abstractions/base>
 
     /etc/libnl-3/classid r,
 
diff --git a/profiles/apparmor.d/usr.sbin.dovecot b/profiles/apparmor.d/usr.sbin.dovecot
index 6c937983b..2c4752aa3 100644
--- a/profiles/apparmor.d/usr.sbin.dovecot
+++ b/profiles/apparmor.d/usr.sbin.dovecot
@@ -12,16 +12,16 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 profile dovecot /usr/{bin,sbin}/dovecot flags=(attach_disconnected) {
-  #include <abstractions/authentication>
-  #include <abstractions/base>
-  #include <abstractions/dovecot-common>
-  #include <abstractions/mysql>
-  #include <abstractions/nameservice>
-  #include <abstractions/ssl_certs>
-  #include <abstractions/ssl_keys>
+  include <abstractions/authentication>
+  include <abstractions/base>
+  include <abstractions/dovecot-common>
+  include <abstractions/mysql>
+  include <abstractions/nameservice>
+  include <abstractions/ssl_certs>
+  include <abstractions/ssl_keys>
 
   capability chown,
   capability dac_override,
diff --git a/profiles/apparmor.d/usr.sbin.identd b/profiles/apparmor.d/usr.sbin.identd
index 7bf5935aa..8dc869dc0 100644
--- a/profiles/apparmor.d/usr.sbin.identd
+++ b/profiles/apparmor.d/usr.sbin.identd
@@ -11,11 +11,11 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 profile identd /usr/{bin,sbin}/identd {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
+  include <abstractions/base>
+  include <abstractions/nameservice>
   capability net_bind_service,
   capability setgid,
   capability setuid,
diff --git a/profiles/apparmor.d/usr.sbin.mdnsd b/profiles/apparmor.d/usr.sbin.mdnsd
index 6007c3b5f..af934cbf6 100644
--- a/profiles/apparmor.d/usr.sbin.mdnsd
+++ b/profiles/apparmor.d/usr.sbin.mdnsd
@@ -11,12 +11,12 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 profile mdnsd /usr/{bin,sbin}/mdnsd {
-  #include <abstractions/base>
-  #include <abstractions/consoles>
-  #include <abstractions/nameservice>
+  include <abstractions/base>
+  include <abstractions/consoles>
+  include <abstractions/nameservice>
 
   capability net_bind_service,
   capability setgid,
diff --git a/profiles/apparmor.d/usr.sbin.nmbd b/profiles/apparmor.d/usr.sbin.nmbd
index b93f85906..1c8c1a9e9 100644
--- a/profiles/apparmor.d/usr.sbin.nmbd
+++ b/profiles/apparmor.d/usr.sbin.nmbd
@@ -1,11 +1,11 @@
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 profile nmbd /usr/{bin,sbin}/nmbd {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
-  #include <abstractions/samba>
+  include <abstractions/base>
+  include <abstractions/nameservice>
+  include <abstractions/samba>
 
   capability net_bind_service,
 
diff --git a/profiles/apparmor.d/usr.sbin.nscd b/profiles/apparmor.d/usr.sbin.nscd
index 47aa81435..339d4ad80 100644
--- a/profiles/apparmor.d/usr.sbin.nscd
+++ b/profiles/apparmor.d/usr.sbin.nscd
@@ -11,12 +11,12 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 profile nscd /usr/{bin,sbin}/nscd {
-  #include <abstractions/base>
-  #include <abstractions/consoles>
-  #include <abstractions/nameservice>
-  #include <abstractions/ssl_certs>
+  include <abstractions/base>
+  include <abstractions/consoles>
+  include <abstractions/nameservice>
+  include <abstractions/ssl_certs>
 
   deny capability block_suspend,
   capability net_bind_service,
diff --git a/profiles/apparmor.d/usr.sbin.ntpd b/profiles/apparmor.d/usr.sbin.ntpd
index 65ede6338..9e9ccbece 100644
--- a/profiles/apparmor.d/usr.sbin.ntpd
+++ b/profiles/apparmor.d/usr.sbin.ntpd
@@ -11,13 +11,13 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
-#include <tunables/ntpd>
+include <tunables/global>
+include <tunables/ntpd>
 profile ntpd /usr/{bin,sbin}/{,open}ntpd flags=(attach_disconnected) {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
-  #include <abstractions/openssl>
-  #include <abstractions/xad>
+  include <abstractions/base>
+  include <abstractions/nameservice>
+  include <abstractions/openssl>
+  include <abstractions/xad>
 
   capability dac_override,
   capability ipc_lock,
diff --git a/profiles/apparmor.d/usr.sbin.smbd b/profiles/apparmor.d/usr.sbin.smbd
index 6006ff369..92305564e 100644
--- a/profiles/apparmor.d/usr.sbin.smbd
+++ b/profiles/apparmor.d/usr.sbin.smbd
@@ -1,16 +1,16 @@
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 profile smbd /usr/{bin,sbin}/smbd {
-  #include <abstractions/authentication>
-  #include <abstractions/base>
-  #include <abstractions/consoles>
-  #include <abstractions/cups-client>
-  #include <abstractions/nameservice>
-  #include <abstractions/samba>
-  #include <abstractions/user-tmp>
-  #include <abstractions/wutmp>
+  include <abstractions/authentication>
+  include <abstractions/base>
+  include <abstractions/consoles>
+  include <abstractions/cups-client>
+  include <abstractions/nameservice>
+  include <abstractions/samba>
+  include <abstractions/user-tmp>
+  include <abstractions/wutmp>
 
   capability audit_write,
   capability dac_override,
diff --git a/profiles/apparmor.d/usr.sbin.smbldap-useradd b/profiles/apparmor.d/usr.sbin.smbldap-useradd
index ee0715a11..c89f9d7b6 100644
--- a/profiles/apparmor.d/usr.sbin.smbldap-useradd
+++ b/profiles/apparmor.d/usr.sbin.smbldap-useradd
@@ -2,13 +2,13 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 profile smbldap-useradd /usr/{bin,sbin}/smbldap-useradd {
-  #include <abstractions/base>
-  #include <abstractions/bash>
-  #include <abstractions/nameservice>
-  #include <abstractions/perl>
+  include <abstractions/base>
+  include <abstractions/bash>
+  include <abstractions/nameservice>
+  include <abstractions/perl>
 
   /dev/tty rw,
   /{,usr/}bin/bash ix,
@@ -24,8 +24,8 @@ profile smbldap-useradd /usr/{bin,sbin}/smbldap-useradd {
   include if exists <local/usr.sbin.smbldap-useradd>
 
   profile /etc/init.d/nscd {
-    #include <abstractions/base>
-    #include <abstractions/nameservice>
+    include <abstractions/base>
+    include <abstractions/nameservice>
 
     capability sys_ptrace,
 
diff --git a/profiles/apparmor.d/usr.sbin.traceroute b/profiles/apparmor.d/usr.sbin.traceroute
index f9790a1cf..926ccdafe 100644
--- a/profiles/apparmor.d/usr.sbin.traceroute
+++ b/profiles/apparmor.d/usr.sbin.traceroute
@@ -11,11 +11,11 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 profile traceroute /usr/{{bin,sbin}/traceroute,bin/linux-traceroute,bin/traceroute.db} {
-  #include <abstractions/base>
-  #include <abstractions/consoles>
-  #include <abstractions/nameservice>
+  include <abstractions/base>
+  include <abstractions/consoles>
+  include <abstractions/nameservice>
 
   deny capability net_admin, # noisy setsockopt() calls
   capability net_raw,
diff --git a/profiles/apparmor.d/usr.sbin.winbindd b/profiles/apparmor.d/usr.sbin.winbindd
index 35a33efd8..3ac68d785 100644
--- a/profiles/apparmor.d/usr.sbin.winbindd
+++ b/profiles/apparmor.d/usr.sbin.winbindd
@@ -1,11 +1,11 @@
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 profile winbindd /usr/{bin,sbin}/winbindd {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
-  #include <abstractions/samba>
+  include <abstractions/base>
+  include <abstractions/nameservice>
+  include <abstractions/samba>
 
   deny capability block_suspend,
 

From 71a730fe398474cb701b3abe7c88c19f9f33f9dc Mon Sep 17 00:00:00 2001
From: Christian Boltz <apparmor@cboltz.de>
Date: Tue, 9 Jun 2020 23:35:11 +0200
Subject: [PATCH 3/3] Change `#include` to `include` in extra profiles

---
 profiles/apparmor/profiles/extras/bin.netstat |  8 +++---
 .../profiles/extras/etc.cron.daily.logrotate  |  8 +++---
 .../extras/etc.cron.daily.slocate.cron        |  4 +--
 .../profiles/extras/etc.cron.daily.tmpwatch   |  4 +--
 .../apparmor/profiles/extras/postfix.anvil    |  8 +++---
 .../apparmor/profiles/extras/postfix.bounce   |  8 +++---
 .../apparmor/profiles/extras/postfix.cleanup  |  8 +++---
 .../apparmor/profiles/extras/postfix.discard  |  4 +--
 .../apparmor/profiles/extras/postfix.dnsblog  |  4 +--
 .../apparmor/profiles/extras/postfix.error    |  8 +++---
 .../apparmor/profiles/extras/postfix.flush    |  8 +++---
 .../apparmor/profiles/extras/postfix.lmtp     |  8 +++---
 .../apparmor/profiles/extras/postfix.local    | 12 ++++----
 .../apparmor/profiles/extras/postfix.master   |  8 +++---
 .../apparmor/profiles/extras/postfix.nqmgr    |  8 +++---
 .../apparmor/profiles/extras/postfix.oqmgr    |  8 +++---
 .../apparmor/profiles/extras/postfix.pickup   |  8 +++---
 .../apparmor/profiles/extras/postfix.pipe     |  8 +++---
 .../profiles/extras/postfix.postscreen        |  4 +--
 .../apparmor/profiles/extras/postfix.proxymap | 10 +++----
 .../apparmor/profiles/extras/postfix.qmgr     |  8 +++---
 .../apparmor/profiles/extras/postfix.qmqpd    |  8 +++---
 .../apparmor/profiles/extras/postfix.scache   |  8 +++---
 .../apparmor/profiles/extras/postfix.showq    |  8 +++---
 .../apparmor/profiles/extras/postfix.smtp     | 10 +++----
 .../apparmor/profiles/extras/postfix.smtpd    | 14 +++++-----
 .../apparmor/profiles/extras/postfix.spawn    |  8 +++---
 .../apparmor/profiles/extras/postfix.tlsmgr   |  8 +++---
 .../profiles/extras/postfix.trivial-rewrite   |  8 +++---
 .../apparmor/profiles/extras/postfix.verify   |  8 +++---
 .../apparmor/profiles/extras/postfix.virtual  |  8 +++---
 .../apparmor/profiles/extras/sbin.dhclient    |  8 +++---
 .../profiles/extras/sbin.dhclient-script      |  8 +++---
 profiles/apparmor/profiles/extras/sbin.dhcpcd |  6 ++--
 .../apparmor/profiles/extras/sbin.portmap     |  6 ++--
 .../apparmor/profiles/extras/sbin.resmgrd     |  6 ++--
 .../apparmor/profiles/extras/sbin.rpc.lockd   |  4 +--
 .../apparmor/profiles/extras/sbin.rpc.statd   |  6 ++--
 .../profiles/extras/usr.NX.bin.nxclient       | 14 +++++-----
 .../apparmor/profiles/extras/usr.bin.acroread | 18 ++++++------
 .../apparmor/profiles/extras/usr.bin.apropos  |  8 +++---
 .../apparmor/profiles/extras/usr.bin.dumpcap  |  6 ++--
 .../profiles/extras/usr.bin.evolution-2.10    | 22 +++++++--------
 profiles/apparmor/profiles/extras/usr.bin.fam |  6 ++--
 .../profiles/extras/usr.bin.freshclam         |  8 +++---
 .../apparmor/profiles/extras/usr.bin.gaim     | 20 ++++++-------
 profiles/apparmor/profiles/extras/usr.bin.man |  6 ++--
 .../profiles/extras/usr.bin.mlmmj-bounce      |  4 +--
 .../profiles/extras/usr.bin.mlmmj-maintd      |  4 +--
 .../profiles/extras/usr.bin.mlmmj-make-ml.sh  | 10 +++----
 .../profiles/extras/usr.bin.mlmmj-process     |  4 +--
 .../profiles/extras/usr.bin.mlmmj-receive     |  4 +--
 .../profiles/extras/usr.bin.mlmmj-recieve     |  4 +--
 .../profiles/extras/usr.bin.mlmmj-send        |  6 ++--
 .../profiles/extras/usr.bin.mlmmj-sub         |  4 +--
 .../profiles/extras/usr.bin.mlmmj-unsub       |  4 +--
 .../apparmor/profiles/extras/usr.bin.opera    | 18 ++++++------
 .../apparmor/profiles/extras/usr.bin.passwd   | 12 ++++----
 .../apparmor/profiles/extras/usr.bin.procmail | 10 +++----
 .../apparmor/profiles/extras/usr.bin.skype    | 28 +++++++++----------
 .../apparmor/profiles/extras/usr.bin.spamc    |  6 ++--
 .../apparmor/profiles/extras/usr.bin.svnserve |  6 ++--
 .../profiles/extras/usr.bin.wireshark         | 26 ++++++++---------
 profiles/apparmor/profiles/extras/usr.bin.xfs |  6 ++--
 .../profiles/extras/usr.lib.GConf.2.gconfd-2  |  8 +++---
 .../extras/usr.lib.RealPlayer10.realplay      | 20 ++++++-------
 .../usr.lib.bonobo.bonobo-activation-server   |  8 +++---
 ...ion-data-server.evolution-data-server-1.10 |  8 +++---
 .../profiles/extras/usr.lib.firefox.firefox   | 16 +++++------
 .../extras/usr.lib.firefox.firefox.sh         |  8 +++---
 .../usr.lib.firefox.mozilla-xremote-client    |  6 ++--
 .../profiles/extras/usr.lib.man-db.man        | 10 +++----
 .../extras/usr.lib64.GConf.2.gconfd-2         |  8 +++---
 .../apparmor/profiles/extras/usr.sbin.cupsd   | 12 ++++----
 .../apparmor/profiles/extras/usr.sbin.dhcpd   |  6 ++--
 .../profiles/extras/usr.sbin.httpd2-prefork   | 22 +++++++--------
 .../apparmor/profiles/extras/usr.sbin.imapd   | 12 ++++----
 .../profiles/extras/usr.sbin.in.fingerd       |  6 ++--
 .../apparmor/profiles/extras/usr.sbin.in.ftpd |  8 +++---
 .../profiles/extras/usr.sbin.in.ntalkd        |  8 +++---
 .../apparmor/profiles/extras/usr.sbin.ipop2d  | 12 ++++----
 .../apparmor/profiles/extras/usr.sbin.ipop3d  | 12 ++++----
 .../profiles/extras/usr.sbin.lighttpd         | 10 +++----
 .../apparmor/profiles/extras/usr.sbin.mysqld  | 10 +++----
 .../apparmor/profiles/extras/usr.sbin.oidentd |  6 ++--
 .../apparmor/profiles/extras/usr.sbin.popper  | 10 +++----
 .../profiles/extras/usr.sbin.postalias        | 12 ++++----
 .../profiles/extras/usr.sbin.postdrop         | 10 +++----
 .../apparmor/profiles/extras/usr.sbin.postmap | 10 +++----
 .../profiles/extras/usr.sbin.postqueue        | 12 ++++----
 .../profiles/extras/usr.sbin.sendmail         | 14 +++++-----
 .../profiles/extras/usr.sbin.sendmail.postfix | 14 +++++-----
 .../extras/usr.sbin.sendmail.sendmail         |  6 ++--
 .../apparmor/profiles/extras/usr.sbin.spamd   | 10 +++----
 .../apparmor/profiles/extras/usr.sbin.squid   | 10 +++----
 .../apparmor/profiles/extras/usr.sbin.sshd    | 20 ++++++-------
 .../apparmor/profiles/extras/usr.sbin.useradd | 22 +++++++--------
 .../apparmor/profiles/extras/usr.sbin.userdel | 16 +++++------
 .../apparmor/profiles/extras/usr.sbin.vsftpd  |  8 +++---
 .../apparmor/profiles/extras/usr.sbin.xinetd  |  6 ++--
 100 files changed, 473 insertions(+), 473 deletions(-)

diff --git a/profiles/apparmor/profiles/extras/bin.netstat b/profiles/apparmor/profiles/extras/bin.netstat
index 8ea2243f7..fd8d15606 100644
--- a/profiles/apparmor/profiles/extras/bin.netstat
+++ b/profiles/apparmor/profiles/extras/bin.netstat
@@ -15,12 +15,12 @@
 
   abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 profile netstat /{usr/,}bin/netstat {
-  #include <abstractions/base>
-  #include <abstractions/consoles>
-  #include <abstractions/nameservice>
+  include <abstractions/base>
+  include <abstractions/consoles>
+  include <abstractions/nameservice>
 
   capability dac_override,
   capability dac_read_search,
diff --git a/profiles/apparmor/profiles/extras/etc.cron.daily.logrotate b/profiles/apparmor/profiles/extras/etc.cron.daily.logrotate
index 08dc9e03f..7ba4b38ea 100644
--- a/profiles/apparmor/profiles/extras/etc.cron.daily.logrotate
+++ b/profiles/apparmor/profiles/extras/etc.cron.daily.logrotate
@@ -13,12 +13,12 @@
 
   abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /etc/cron.daily/logrotate {
-  #include <abstractions/base>
-  #include <abstractions/bash>
-  #include <abstractions/nameservice>
+  include <abstractions/base>
+  include <abstractions/bash>
+  include <abstractions/nameservice>
 
   capability chown,
   capability dac_override,
diff --git a/profiles/apparmor/profiles/extras/etc.cron.daily.slocate.cron b/profiles/apparmor/profiles/extras/etc.cron.daily.slocate.cron
index 4a8f2742a..2b551dfdf 100644
--- a/profiles/apparmor/profiles/extras/etc.cron.daily.slocate.cron
+++ b/profiles/apparmor/profiles/extras/etc.cron.daily.slocate.cron
@@ -14,10 +14,10 @@
 
   abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /etc/cron.daily/slocate.cron {
-  #include <abstractions/base>
+  include <abstractions/base>
   /{usr/,}bin/bash                 mixr,
   /dev/tty                         wr  ,
   /etc/cron.daily/slocate.cron     r   ,
diff --git a/profiles/apparmor/profiles/extras/etc.cron.daily.tmpwatch b/profiles/apparmor/profiles/extras/etc.cron.daily.tmpwatch
index eea0135d9..fa0b95617 100644
--- a/profiles/apparmor/profiles/extras/etc.cron.daily.tmpwatch
+++ b/profiles/apparmor/profiles/extras/etc.cron.daily.tmpwatch
@@ -10,10 +10,10 @@
 
   abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /etc/cron.daily/tmpwatch {
-  #include <abstractions/base>
+  include <abstractions/base>
   /etc/cron.daily/tmpwatch  r,
   /tmp                      r,
   /tmp/**                   rwl,
diff --git a/profiles/apparmor/profiles/extras/postfix.anvil b/profiles/apparmor/profiles/extras/postfix.anvil
index f0d81f64a..2aec87286 100644
--- a/profiles/apparmor/profiles/extras/postfix.anvil
+++ b/profiles/apparmor/profiles/extras/postfix.anvil
@@ -11,12 +11,12 @@
 
   abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 profile postfix-anvil /usr/lib/postfix/{bin/,sbin/,}anvil {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
-  #include <abstractions/postfix-common>
+  include <abstractions/base>
+  include <abstractions/nameservice>
+  include <abstractions/postfix-common>
 
   /usr/lib/postfix/{bin/,sbin/,}anvil         mrix,
 
diff --git a/profiles/apparmor/profiles/extras/postfix.bounce b/profiles/apparmor/profiles/extras/postfix.bounce
index 22171f762..f23f19724 100644
--- a/profiles/apparmor/profiles/extras/postfix.bounce
+++ b/profiles/apparmor/profiles/extras/postfix.bounce
@@ -12,12 +12,12 @@
 
   abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 profile postfix-bounce /usr/lib/postfix/{bin/,sbin/,}bounce {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
-  #include <abstractions/postfix-common>
+  include <abstractions/base>
+  include <abstractions/nameservice>
+  include <abstractions/postfix-common>
 
   /usr/lib/postfix/{bin/,sbin/,}bounce                             mrix,
 
diff --git a/profiles/apparmor/profiles/extras/postfix.cleanup b/profiles/apparmor/profiles/extras/postfix.cleanup
index 1821c5b8d..e277f14cc 100644
--- a/profiles/apparmor/profiles/extras/postfix.cleanup
+++ b/profiles/apparmor/profiles/extras/postfix.cleanup
@@ -12,12 +12,12 @@
 
   abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 profile postfix-cleanup /usr/lib/postfix/{bin/,sbin/,}cleanup {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
-  #include <abstractions/postfix-common>
+  include <abstractions/base>
+  include <abstractions/nameservice>
+  include <abstractions/postfix-common>
 
   capability net_bind_service,
   capability dac_read_search,
diff --git a/profiles/apparmor/profiles/extras/postfix.discard b/profiles/apparmor/profiles/extras/postfix.discard
index 4f3ffc413..fbfe784f8 100644
--- a/profiles/apparmor/profiles/extras/postfix.discard
+++ b/profiles/apparmor/profiles/extras/postfix.discard
@@ -12,10 +12,10 @@
 
   abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 profile postfix-discard /usr/lib/postfix/{bin/,sbin/,}discard {
-  #include <abstractions/base>
+  include <abstractions/base>
 
   /usr/lib/postfix/{bin/,sbin/,}discard mrix,
 }
diff --git a/profiles/apparmor/profiles/extras/postfix.dnsblog b/profiles/apparmor/profiles/extras/postfix.dnsblog
index 95d079305..f8ce329b1 100644
--- a/profiles/apparmor/profiles/extras/postfix.dnsblog
+++ b/profiles/apparmor/profiles/extras/postfix.dnsblog
@@ -11,10 +11,10 @@
 
   abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 profile postfix-dnsblog /usr/lib/postfix/{bin/,sbin/,}dnsblog {
-  #include <abstractions/base>
+  include <abstractions/base>
 
   /usr/lib/postfix/{bin/,sbin/,}dnsblog mrix,
 
diff --git a/profiles/apparmor/profiles/extras/postfix.error b/profiles/apparmor/profiles/extras/postfix.error
index a53522009..4719f8973 100644
--- a/profiles/apparmor/profiles/extras/postfix.error
+++ b/profiles/apparmor/profiles/extras/postfix.error
@@ -12,12 +12,12 @@
 
   abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 profile postfix-error /usr/lib/postfix/{bin/,sbin/,}error {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
-  #include <abstractions/postfix-common>
+  include <abstractions/base>
+  include <abstractions/nameservice>
+  include <abstractions/postfix-common>
 
   /usr/lib/postfix/{bin/,sbin/,}error mrix,
 
diff --git a/profiles/apparmor/profiles/extras/postfix.flush b/profiles/apparmor/profiles/extras/postfix.flush
index 734ea6e7a..f4f67ad4d 100644
--- a/profiles/apparmor/profiles/extras/postfix.flush
+++ b/profiles/apparmor/profiles/extras/postfix.flush
@@ -11,12 +11,12 @@
 
   abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 profile postfix-flush /usr/lib/postfix/{bin/,sbin/,}flush {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
-  #include <abstractions/postfix-common>
+  include <abstractions/base>
+  include <abstractions/nameservice>
+  include <abstractions/postfix-common>
 
   /usr/lib/postfix/{bin/,sbin/,}flush                mrix,
 
diff --git a/profiles/apparmor/profiles/extras/postfix.lmtp b/profiles/apparmor/profiles/extras/postfix.lmtp
index 255e421ab..d133d6459 100644
--- a/profiles/apparmor/profiles/extras/postfix.lmtp
+++ b/profiles/apparmor/profiles/extras/postfix.lmtp
@@ -12,12 +12,12 @@
 
   abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 profile postfix-lmtp /usr/lib/postfix/{bin/,sbin/,}lmtp {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
-  #include <abstractions/postfix-common>
+  include <abstractions/base>
+  include <abstractions/nameservice>
+  include <abstractions/postfix-common>
 
   /usr/lib/postfix/{bin/,sbin/,}lmtp mrix,
 
diff --git a/profiles/apparmor/profiles/extras/postfix.local b/profiles/apparmor/profiles/extras/postfix.local
index 2d60c22a6..f5647784a 100644
--- a/profiles/apparmor/profiles/extras/postfix.local
+++ b/profiles/apparmor/profiles/extras/postfix.local
@@ -11,14 +11,14 @@
 
   abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 profile postfix-local /usr/lib/postfix/{bin/,sbin/,}local {
-  #include <abstractions/base>
-  #include <abstractions/bash>
-  #include <abstractions/nameservice>
-  #include <abstractions/user-mail>
-  #include <abstractions/postfix-common>
+  include <abstractions/base>
+  include <abstractions/bash>
+  include <abstractions/nameservice>
+  include <abstractions/user-mail>
+  include <abstractions/postfix-common>
 
   /usr/bin/procmail                                     Px,
 
diff --git a/profiles/apparmor/profiles/extras/postfix.master b/profiles/apparmor/profiles/extras/postfix.master
index 4614901a8..5951c98d3 100644
--- a/profiles/apparmor/profiles/extras/postfix.master
+++ b/profiles/apparmor/profiles/extras/postfix.master
@@ -12,12 +12,12 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 profile postfix-master /usr/lib/postfix/{bin/,sbin/,}master {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
-  #include <abstractions/postfix-common>
+  include <abstractions/base>
+  include <abstractions/nameservice>
+  include <abstractions/postfix-common>
 
   capability net_bind_service,
   capability kill,
diff --git a/profiles/apparmor/profiles/extras/postfix.nqmgr b/profiles/apparmor/profiles/extras/postfix.nqmgr
index f750472f4..717c9add6 100644
--- a/profiles/apparmor/profiles/extras/postfix.nqmgr
+++ b/profiles/apparmor/profiles/extras/postfix.nqmgr
@@ -11,12 +11,12 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 profile postfix-nqmgr /usr/lib/postfix/{bin/,sbin/,}nqmgr {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
-  #include <abstractions/postfix-common>
+  include <abstractions/base>
+  include <abstractions/nameservice>
+  include <abstractions/postfix-common>
 
   /usr/lib/postfix/{bin/,sbin/,}nqmgr                             mrix,
 
diff --git a/profiles/apparmor/profiles/extras/postfix.oqmgr b/profiles/apparmor/profiles/extras/postfix.oqmgr
index 4664c306e..625e92966 100644
--- a/profiles/apparmor/profiles/extras/postfix.oqmgr
+++ b/profiles/apparmor/profiles/extras/postfix.oqmgr
@@ -12,12 +12,12 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 profile postfix-oqmgr /usr/lib/postfix/{bin/,sbin/,}oqmgr {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
-  #include <abstractions/postfix-common>
+  include <abstractions/base>
+  include <abstractions/nameservice>
+  include <abstractions/postfix-common>
 
   /usr/lib/postfix/{bin/,sbin/,}oqmgr mrix,
 }
diff --git a/profiles/apparmor/profiles/extras/postfix.pickup b/profiles/apparmor/profiles/extras/postfix.pickup
index ea698074b..33b1e5ca0 100644
--- a/profiles/apparmor/profiles/extras/postfix.pickup
+++ b/profiles/apparmor/profiles/extras/postfix.pickup
@@ -11,12 +11,12 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 profile postfix-pickup /usr/lib/postfix/{bin/,sbin/,}pickup {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
-  #include <abstractions/postfix-common>
+  include <abstractions/base>
+  include <abstractions/nameservice>
+  include <abstractions/postfix-common>
 
   /usr/lib/postfix/{bin/,sbin/,}pickup           mrix,
 
diff --git a/profiles/apparmor/profiles/extras/postfix.pipe b/profiles/apparmor/profiles/extras/postfix.pipe
index 3749a596e..dbc0867f5 100644
--- a/profiles/apparmor/profiles/extras/postfix.pipe
+++ b/profiles/apparmor/profiles/extras/postfix.pipe
@@ -12,12 +12,12 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 profile postfix-pipe /usr/lib/postfix/{bin/,sbin/,}pipe {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
-  #include <abstractions/postfix-common>
+  include <abstractions/base>
+  include <abstractions/nameservice>
+  include <abstractions/postfix-common>
 
   /usr/lib/postfix/{bin/,sbin/,}pipe mrix,
 
diff --git a/profiles/apparmor/profiles/extras/postfix.postscreen b/profiles/apparmor/profiles/extras/postfix.postscreen
index 19157a84f..46d9c0558 100644
--- a/profiles/apparmor/profiles/extras/postfix.postscreen
+++ b/profiles/apparmor/profiles/extras/postfix.postscreen
@@ -10,10 +10,10 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 profile postfix-postscreen /usr/lib/postfix/{bin/,sbin/,}postscreen {
-  #include <abstractions/base>
+  include <abstractions/base>
 
   /usr/lib/postfix/{bin/,sbin/,}postscreen mrix,
 }
diff --git a/profiles/apparmor/profiles/extras/postfix.proxymap b/profiles/apparmor/profiles/extras/postfix.proxymap
index 5ca505278..b3b44e076 100644
--- a/profiles/apparmor/profiles/extras/postfix.proxymap
+++ b/profiles/apparmor/profiles/extras/postfix.proxymap
@@ -12,13 +12,13 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 profile postfix-proxymap /usr/lib/postfix/{bin/,sbin/,}proxymap {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
-  #include <abstractions/openssl>
-  #include <abstractions/postfix-common>
+  include <abstractions/base>
+  include <abstractions/nameservice>
+  include <abstractions/openssl>
+  include <abstractions/postfix-common>
 
   /etc/my.cnf r,
   /usr/lib/postfix/{bin/,sbin/,}proxymap     mrix,
diff --git a/profiles/apparmor/profiles/extras/postfix.qmgr b/profiles/apparmor/profiles/extras/postfix.qmgr
index ade06e9dd..d6092a36a 100644
--- a/profiles/apparmor/profiles/extras/postfix.qmgr
+++ b/profiles/apparmor/profiles/extras/postfix.qmgr
@@ -11,12 +11,12 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 profile postfix-qmgr /usr/lib/postfix/{bin/,sbin/,}qmgr {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
-  #include <abstractions/postfix-common>
+  include <abstractions/base>
+  include <abstractions/nameservice>
+  include <abstractions/postfix-common>
 
   /usr/lib/postfix/{bin/,sbin/,}qmgr                              mrix,
 
diff --git a/profiles/apparmor/profiles/extras/postfix.qmqpd b/profiles/apparmor/profiles/extras/postfix.qmqpd
index 7a06de968..ecd64cab5 100644
--- a/profiles/apparmor/profiles/extras/postfix.qmqpd
+++ b/profiles/apparmor/profiles/extras/postfix.qmqpd
@@ -11,12 +11,12 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 profile postfix-qmqpd /usr/lib/postfix/{bin/,sbin/,}qmqpd {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
-  #include <abstractions/postfix-common>
+  include <abstractions/base>
+  include <abstractions/nameservice>
+  include <abstractions/postfix-common>
 
   /usr/lib/postfix/{bin/,sbin/,}qmqpd mrix,
 }
diff --git a/profiles/apparmor/profiles/extras/postfix.scache b/profiles/apparmor/profiles/extras/postfix.scache
index 72cb8e3ff..a584f837e 100644
--- a/profiles/apparmor/profiles/extras/postfix.scache
+++ b/profiles/apparmor/profiles/extras/postfix.scache
@@ -13,12 +13,12 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 profile postfix-scache /usr/lib/postfix/{bin/,sbin/,}scache {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
-  #include <abstractions/postfix-common>
+  include <abstractions/base>
+  include <abstractions/nameservice>
+  include <abstractions/postfix-common>
 
   /usr/lib/postfix/{bin/,sbin/,}scache mrix,
 }
diff --git a/profiles/apparmor/profiles/extras/postfix.showq b/profiles/apparmor/profiles/extras/postfix.showq
index 255674fa4..91f8735fc 100644
--- a/profiles/apparmor/profiles/extras/postfix.showq
+++ b/profiles/apparmor/profiles/extras/postfix.showq
@@ -11,12 +11,12 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 profile postfix-showq /usr/lib/postfix/{bin/,sbin/,}showq {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
-  #include <abstractions/postfix-common>
+  include <abstractions/base>
+  include <abstractions/nameservice>
+  include <abstractions/postfix-common>
 
   /usr/lib/postfix/{bin/,sbin/,}showq                              mrix,
 
diff --git a/profiles/apparmor/profiles/extras/postfix.smtp b/profiles/apparmor/profiles/extras/postfix.smtp
index c5ec29082..c9e5b91a9 100644
--- a/profiles/apparmor/profiles/extras/postfix.smtp
+++ b/profiles/apparmor/profiles/extras/postfix.smtp
@@ -12,13 +12,13 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 profile postfix-smtp /usr/lib/postfix/{bin/,sbin/,}smtp {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
-  #include <abstractions/postfix-common>
-  #include <abstractions/openssl>
+  include <abstractions/base>
+  include <abstractions/nameservice>
+  include <abstractions/postfix-common>
+  include <abstractions/openssl>
 
   capability dac_override,
   capability dac_read_search,
diff --git a/profiles/apparmor/profiles/extras/postfix.smtpd b/profiles/apparmor/profiles/extras/postfix.smtpd
index 7cb605b6f..95ec61f06 100644
--- a/profiles/apparmor/profiles/extras/postfix.smtpd
+++ b/profiles/apparmor/profiles/extras/postfix.smtpd
@@ -12,15 +12,15 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 profile postfix-smtpd /usr/lib/postfix/{bin/,sbin/,}smtpd {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
-  #include <abstractions/postfix-common>
-  #include <abstractions/openssl>
-  #include <abstractions/ssl_certs>
-  #include <abstractions/ssl_keys>
+  include <abstractions/base>
+  include <abstractions/nameservice>
+  include <abstractions/postfix-common>
+  include <abstractions/openssl>
+  include <abstractions/ssl_certs>
+  include <abstractions/ssl_keys>
 
   capability dac_override,
   capability dac_read_search,
diff --git a/profiles/apparmor/profiles/extras/postfix.spawn b/profiles/apparmor/profiles/extras/postfix.spawn
index 8bf34d706..86db87f21 100644
--- a/profiles/apparmor/profiles/extras/postfix.spawn
+++ b/profiles/apparmor/profiles/extras/postfix.spawn
@@ -11,12 +11,12 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 profile postfix-spawn /usr/lib/postfix/{bin/,sbin/,}spawn {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
-  #include <abstractions/postfix-common>
+  include <abstractions/base>
+  include <abstractions/nameservice>
+  include <abstractions/postfix-common>
 
   /usr/lib/postfix/{bin/,sbin/,}spawn mrix,
 }
diff --git a/profiles/apparmor/profiles/extras/postfix.tlsmgr b/profiles/apparmor/profiles/extras/postfix.tlsmgr
index 376fde554..743391e2c 100644
--- a/profiles/apparmor/profiles/extras/postfix.tlsmgr
+++ b/profiles/apparmor/profiles/extras/postfix.tlsmgr
@@ -12,12 +12,12 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 profile postfix-tlsmgr /usr/lib/postfix/{bin/,sbin/,}tlsmgr {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
-  #include <abstractions/postfix-common>
+  include <abstractions/base>
+  include <abstractions/nameservice>
+  include <abstractions/postfix-common>
 
   /usr/lib/postfix/{bin/,sbin/,}tlsmgr mrix,
 
diff --git a/profiles/apparmor/profiles/extras/postfix.trivial-rewrite b/profiles/apparmor/profiles/extras/postfix.trivial-rewrite
index c754330cf..5624ca0a5 100644
--- a/profiles/apparmor/profiles/extras/postfix.trivial-rewrite
+++ b/profiles/apparmor/profiles/extras/postfix.trivial-rewrite
@@ -12,12 +12,12 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 profile postfix-trivial-rewrite /usr/lib/postfix/{bin/,sbin/,}trivial-rewrite {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
-  #include <abstractions/postfix-common>
+  include <abstractions/base>
+  include <abstractions/nameservice>
+  include <abstractions/postfix-common>
 
   capability dac_read_search,
 
diff --git a/profiles/apparmor/profiles/extras/postfix.verify b/profiles/apparmor/profiles/extras/postfix.verify
index 8b5cfd58b..d7d629d1d 100644
--- a/profiles/apparmor/profiles/extras/postfix.verify
+++ b/profiles/apparmor/profiles/extras/postfix.verify
@@ -11,12 +11,12 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 profile postfix-verify /usr/lib/postfix/{bin/,sbin/,}verify {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
-  #include <abstractions/postfix-common>
+  include <abstractions/base>
+  include <abstractions/nameservice>
+  include <abstractions/postfix-common>
 
   /usr/lib/postfix/{bin/,sbin/,}verify mrix,
 }
diff --git a/profiles/apparmor/profiles/extras/postfix.virtual b/profiles/apparmor/profiles/extras/postfix.virtual
index a78798efd..d477f1d4e 100644
--- a/profiles/apparmor/profiles/extras/postfix.virtual
+++ b/profiles/apparmor/profiles/extras/postfix.virtual
@@ -11,12 +11,12 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 profile postfix-virtual /usr/lib/postfix/{bin/,sbin/,}virtual {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
-  #include <abstractions/postfix-common>
+  include <abstractions/base>
+  include <abstractions/nameservice>
+  include <abstractions/postfix-common>
 
   /usr/lib/postfix/{bin/,sbin/,}virtual mrix,
 
diff --git a/profiles/apparmor/profiles/extras/sbin.dhclient b/profiles/apparmor/profiles/extras/sbin.dhclient
index acf98d6a2..0abeb5ee7 100644
--- a/profiles/apparmor/profiles/extras/sbin.dhclient
+++ b/profiles/apparmor/profiles/extras/sbin.dhclient
@@ -21,12 +21,12 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 profile dhclient /{usr/,}sbin/dhclient {
-  #include <abstractions/base>
-  #include <abstractions/bash>
-  #include <abstractions/nameservice>
+  include <abstractions/base>
+  include <abstractions/bash>
+  include <abstractions/nameservice>
 
   capability net_raw,
 
diff --git a/profiles/apparmor/profiles/extras/sbin.dhclient-script b/profiles/apparmor/profiles/extras/sbin.dhclient-script
index cabadb944..637ab8ffc 100644
--- a/profiles/apparmor/profiles/extras/sbin.dhclient-script
+++ b/profiles/apparmor/profiles/extras/sbin.dhclient-script
@@ -2,15 +2,15 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 # dhclient-script will call plugins from /etc/netconfig.d, so this
 # will need to be extended on a per-site basis.
 
 profile dhclient-script /{usr/,}sbin/dhclient-script {
-  #include <abstractions/base>
-  #include <abstractions/bash>
-  #include <abstractions/consoles>
+  include <abstractions/base>
+  include <abstractions/bash>
+  include <abstractions/consoles>
 
   /{usr/,}bin/bash rix,
   /{usr/,}bin/grep rix,
diff --git a/profiles/apparmor/profiles/extras/sbin.dhcpcd b/profiles/apparmor/profiles/extras/sbin.dhcpcd
index 8b5678bf7..53b3b3567 100644
--- a/profiles/apparmor/profiles/extras/sbin.dhcpcd
+++ b/profiles/apparmor/profiles/extras/sbin.dhcpcd
@@ -18,11 +18,11 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 profile dhcpcd /{usr/,}sbin/dhcpcd {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
+  include <abstractions/base>
+  include <abstractions/nameservice>
 
   capability net_raw,
   capability net_admin,
diff --git a/profiles/apparmor/profiles/extras/sbin.portmap b/profiles/apparmor/profiles/extras/sbin.portmap
index c081d9fa8..3ffb56819 100644
--- a/profiles/apparmor/profiles/extras/sbin.portmap
+++ b/profiles/apparmor/profiles/extras/sbin.portmap
@@ -10,11 +10,11 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 profile portmap /{usr/,}sbin/portmap {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
+  include <abstractions/base>
+  include <abstractions/nameservice>
 
   capability net_bind_service,
   capability setuid,
diff --git a/profiles/apparmor/profiles/extras/sbin.resmgrd b/profiles/apparmor/profiles/extras/sbin.resmgrd
index ba0aa0ab5..c794cacae 100644
--- a/profiles/apparmor/profiles/extras/sbin.resmgrd
+++ b/profiles/apparmor/profiles/extras/sbin.resmgrd
@@ -12,11 +12,11 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 profile resmgrd /{usr/,}sbin/resmgrd {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
+  include <abstractions/base>
+  include <abstractions/nameservice>
 
   capability fowner,
   capability chown,
diff --git a/profiles/apparmor/profiles/extras/sbin.rpc.lockd b/profiles/apparmor/profiles/extras/sbin.rpc.lockd
index 9c95dfad6..8a198a279 100644
--- a/profiles/apparmor/profiles/extras/sbin.rpc.lockd
+++ b/profiles/apparmor/profiles/extras/sbin.rpc.lockd
@@ -10,9 +10,9 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 profile rpc.lockd /{usr/,}sbin/rpc.lockd {
-  #include <abstractions/base>
+  include <abstractions/base>
   /{usr/,}sbin/rpc.lockd	rmix,
 }
diff --git a/profiles/apparmor/profiles/extras/sbin.rpc.statd b/profiles/apparmor/profiles/extras/sbin.rpc.statd
index 96a6b4691..dcef0872b 100644
--- a/profiles/apparmor/profiles/extras/sbin.rpc.statd
+++ b/profiles/apparmor/profiles/extras/sbin.rpc.statd
@@ -10,11 +10,11 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 profile rpc.statd /{usr/,}sbin/rpc.statd {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
+  include <abstractions/base>
+  include <abstractions/nameservice>
 
   # needed to sanely drop privileges
   capability setgid,
diff --git a/profiles/apparmor/profiles/extras/usr.NX.bin.nxclient b/profiles/apparmor/profiles/extras/usr.NX.bin.nxclient
index e196a71b5..1173b8d06 100644
--- a/profiles/apparmor/profiles/extras/usr.NX.bin.nxclient
+++ b/profiles/apparmor/profiles/extras/usr.NX.bin.nxclient
@@ -11,15 +11,15 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/NX/bin/nxclient {
-  #include <abstractions/base>
-  #include <abstractions/bash>
-  #include <abstractions/consoles>
-  #include <abstractions/nameservice>
-  #include <abstractions/kde>
-  #include <abstractions/X>
+  include <abstractions/base>
+  include <abstractions/bash>
+  include <abstractions/consoles>
+  include <abstractions/nameservice>
+  include <abstractions/kde>
+  include <abstractions/X>
 
   /{usr/,}bin/bash     mix,
   /usr/bin/cut         mix,
diff --git a/profiles/apparmor/profiles/extras/usr.bin.acroread b/profiles/apparmor/profiles/extras/usr.bin.acroread
index 91d5cd048..f24f0a64a 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.acroread
+++ b/profiles/apparmor/profiles/extras/usr.bin.acroread
@@ -12,17 +12,17 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/X11R6/bin/acroread {
-  #include <abstractions/base>
-  #include <abstractions/bash>
-  #include <abstractions/consoles>
-  #include <abstractions/fonts>
-  #include <abstractions/kde>
-  #include <abstractions/nameservice>
-  #include <abstractions/gnome>
-  #include <abstractions/X>
+  include <abstractions/base>
+  include <abstractions/bash>
+  include <abstractions/consoles>
+  include <abstractions/fonts>
+  include <abstractions/kde>
+  include <abstractions/nameservice>
+  include <abstractions/gnome>
+  include <abstractions/X>
 
   capability dac_override,
 
diff --git a/profiles/apparmor/profiles/extras/usr.bin.apropos b/profiles/apparmor/profiles/extras/usr.bin.apropos
index d6277fc66..292cd6de9 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.apropos
+++ b/profiles/apparmor/profiles/extras/usr.bin.apropos
@@ -10,12 +10,12 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/bin/apropos {
-  #include <abstractions/base>
-  #include <abstractions/bash>
-  #include <abstractions/consoles>
+  include <abstractions/base>
+  include <abstractions/bash>
+  include <abstractions/consoles>
   /{usr/,}bin/basename         mixr,
   /{usr/,}bin/bash             mixr,
   /{usr/,}bin/grep             mixr,
diff --git a/profiles/apparmor/profiles/extras/usr.bin.dumpcap b/profiles/apparmor/profiles/extras/usr.bin.dumpcap
index 91211b438..556f3d9f1 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.dumpcap
+++ b/profiles/apparmor/profiles/extras/usr.bin.dumpcap
@@ -2,11 +2,11 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/bin/dumpcap {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
+  include <abstractions/base>
+  include <abstractions/nameservice>
 
   capability net_admin,
   capability net_raw,
diff --git a/profiles/apparmor/profiles/extras/usr.bin.evolution-2.10 b/profiles/apparmor/profiles/extras/usr.bin.evolution-2.10
index 58b3717aa..48c11bf95 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.evolution-2.10
+++ b/profiles/apparmor/profiles/extras/usr.bin.evolution-2.10
@@ -40,19 +40,19 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/bin/evolution-2.10 {
-  #include <abstractions/base>
-  #include <abstractions/bash>
-  #include <abstractions/consoles>
-  #include <abstractions/fonts>
-  #include <abstractions/kde>
-  #include <abstractions/nameservice>
-  #include <abstractions/perl>
-  #include <abstractions/gnome>
-  #include <abstractions/user-mail>
-  #include <abstractions/user-write>
+  include <abstractions/base>
+  include <abstractions/bash>
+  include <abstractions/consoles>
+  include <abstractions/fonts>
+  include <abstractions/kde>
+  include <abstractions/nameservice>
+  include <abstractions/perl>
+  include <abstractions/gnome>
+  include <abstractions/user-mail>
+  include <abstractions/user-write>
 
   capability ipc_lock,
   capability setuid,
diff --git a/profiles/apparmor/profiles/extras/usr.bin.fam b/profiles/apparmor/profiles/extras/usr.bin.fam
index a2fdc5e1a..8b8385ac0 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.fam
+++ b/profiles/apparmor/profiles/extras/usr.bin.fam
@@ -10,11 +10,11 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/bin/fam {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
+  include <abstractions/base>
+  include <abstractions/nameservice>
   /tmp/.fam*		wl,
   /etc/mtab		rw,
   /usr/bin/fam          rmix,
diff --git a/profiles/apparmor/profiles/extras/usr.bin.freshclam b/profiles/apparmor/profiles/extras/usr.bin.freshclam
index 95aa917ef..d0bf30b74 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.freshclam
+++ b/profiles/apparmor/profiles/extras/usr.bin.freshclam
@@ -11,12 +11,12 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/bin/freshclam {
-  #include <abstractions/base>
-  #include <abstractions/consoles>
-  #include <abstractions/nameservice>
+  include <abstractions/base>
+  include <abstractions/consoles>
+  include <abstractions/nameservice>
 
   capability setgid,
   capability setuid,
diff --git a/profiles/apparmor/profiles/extras/usr.bin.gaim b/profiles/apparmor/profiles/extras/usr.bin.gaim
index 2d8873f41..e5ae3ef11 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.gaim
+++ b/profiles/apparmor/profiles/extras/usr.bin.gaim
@@ -12,18 +12,18 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/bin/gaim {
-  #include <abstractions/audio>
-  #include <abstractions/base>
-  #include <abstractions/bash>
-  #include <abstractions/consoles>
-  #include <abstractions/kde>
-  #include <abstractions/nameservice>
-  #include <abstractions/perl>
-  #include <abstractions/gnome>
-  #include <abstractions/user-tmp>
+  include <abstractions/audio>
+  include <abstractions/base>
+  include <abstractions/bash>
+  include <abstractions/consoles>
+  include <abstractions/kde>
+  include <abstractions/nameservice>
+  include <abstractions/perl>
+  include <abstractions/gnome>
+  include <abstractions/user-tmp>
 
   /{usr/,}bin/bash mixr,
   /dev/random r,
diff --git a/profiles/apparmor/profiles/extras/usr.bin.man b/profiles/apparmor/profiles/extras/usr.bin.man
index 37f8991c4..4dcc19c2c 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.man
+++ b/profiles/apparmor/profiles/extras/usr.bin.man
@@ -14,11 +14,11 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/bin/man {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
+  include <abstractions/base>
+  include <abstractions/nameservice>
 
   capability setgid,
   capability setuid,
diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-bounce b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-bounce
index bd86b419b..a562dfe23 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-bounce
+++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-bounce
@@ -12,10 +12,10 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/bin/mlmmj-bounce {
-  #include <abstractions/base>
+  include <abstractions/base>
 
   /usr/bin/mlmmj-bounce mr,
   /usr/bin/mlmmj-send Px,
diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-maintd b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-maintd
index 6d7e93dd8..366d074f8 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-maintd
+++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-maintd
@@ -12,10 +12,10 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/bin/mlmmj-maintd {
-  #include <abstractions/base>
+  include <abstractions/base>
 
   capability setuid,
 
diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-make-ml.sh b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-make-ml.sh
index b70fa4bc5..bbdd0e721 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-make-ml.sh
+++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-make-ml.sh
@@ -11,13 +11,13 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/bin/mlmmj-make-ml.sh {
-  #include <abstractions/base>
-  #include <abstractions/bash>
-  #include <abstractions/consoles>
-  #include <abstractions/nameservice>
+  include <abstractions/base>
+  include <abstractions/bash>
+  include <abstractions/consoles>
+  include <abstractions/nameservice>
 
   capability sys_admin,
 
diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-process b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-process
index 2513acb8b..7a9a6ff1c 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-process
+++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-process
@@ -12,10 +12,10 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/bin/mlmmj-process {
-  #include <abstractions/base>
+  include <abstractions/base>
 
   /usr/bin/mlmmj-process mr,
   /usr/bin/mlmmj-send Px,
diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-receive b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-receive
index 076bc28b0..a0742b476 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-receive
+++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-receive
@@ -12,10 +12,10 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/bin/mlmmj-receive {
-  #include <abstractions/base>
+  include <abstractions/base>
 
   /usr/bin/mlmmj-process Px,
   /usr/bin/mlmmj-receive mr,
diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-recieve b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-recieve
index 05960cfb4..ebce17d77 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-recieve
+++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-recieve
@@ -15,10 +15,10 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/bin/mlmmj-recieve {
-  #include <abstractions/base>
+  include <abstractions/base>
 
   /usr/bin/mlmmj-process Px,
   /usr/bin/mlmmj-recieve mr,
diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-send b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-send
index 8eeaf15be..4ffb9d715 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-send
+++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-send
@@ -12,11 +12,11 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/bin/mlmmj-send {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
+  include <abstractions/base>
+  include <abstractions/nameservice>
 
   /usr/bin/mlmmj-send mr,
   /var/spool/mlmmj/*/archive/* w,
diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-sub b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-sub
index 5b0745ff5..ed6a64f94 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-sub
+++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-sub
@@ -12,10 +12,10 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/bin/mlmmj-sub {
-  #include <abstractions/base>
+  include <abstractions/base>
 
   capability setuid,
 
diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-unsub b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-unsub
index e0ad69f46..88fa6b152 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-unsub
+++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-unsub
@@ -12,10 +12,10 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/bin/mlmmj-unsub {
-  #include <abstractions/base>
+  include <abstractions/base>
 
   /usr/bin/mlmmj-unsub mr,
   /usr/bin/mlmmj-send Px,
diff --git a/profiles/apparmor/profiles/extras/usr.bin.opera b/profiles/apparmor/profiles/extras/usr.bin.opera
index ebfac0772..324bc8d30 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.opera
+++ b/profiles/apparmor/profiles/extras/usr.bin.opera
@@ -11,16 +11,16 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 /usr/bin/opera {
-  #include <abstractions/base>
-  #include <abstractions/bash>
-  #include <abstractions/consoles>
-  #include <abstractions/kde>
-  #include <abstractions/nameservice>
-  #include <abstractions/user-write>
-  #include <abstractions/user-download>
-  #include <abstractions/X>
+  include <abstractions/base>
+  include <abstractions/bash>
+  include <abstractions/consoles>
+  include <abstractions/kde>
+  include <abstractions/nameservice>
+  include <abstractions/user-write>
+  include <abstractions/user-download>
+  include <abstractions/X>
 
   capability dac_override,
 
diff --git a/profiles/apparmor/profiles/extras/usr.bin.passwd b/profiles/apparmor/profiles/extras/usr.bin.passwd
index e6e269e70..d28d8be0e 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.passwd
+++ b/profiles/apparmor/profiles/extras/usr.bin.passwd
@@ -11,14 +11,14 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/bin/passwd {
-  #include <abstractions/authentication>
-  #include <abstractions/base>
-  #include <abstractions/consoles>
-  #include <abstractions/nameservice>
-  #include <abstractions/wutmp>
+  include <abstractions/authentication>
+  include <abstractions/base>
+  include <abstractions/consoles>
+  include <abstractions/nameservice>
+  include <abstractions/wutmp>
 
   capability chown,
   capability sys_resource,
diff --git a/profiles/apparmor/profiles/extras/usr.bin.procmail b/profiles/apparmor/profiles/extras/usr.bin.procmail
index 5f0af871e..a9219682c 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.procmail
+++ b/profiles/apparmor/profiles/extras/usr.bin.procmail
@@ -10,13 +10,13 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/bin/procmail {
-  #include <abstractions/base>
-  #include <abstractions/bash>
-  #include <abstractions/nameservice>
-  #include <abstractions/user-mail>
+  include <abstractions/base>
+  include <abstractions/bash>
+  include <abstractions/nameservice>
+  include <abstractions/user-mail>
 
   # procmail configuration
   /etc/procmailrc       r,
diff --git a/profiles/apparmor/profiles/extras/usr.bin.skype b/profiles/apparmor/profiles/extras/usr.bin.skype
index 81c65cb1c..dce23e344 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.skype
+++ b/profiles/apparmor/profiles/extras/usr.bin.skype
@@ -5,21 +5,21 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 /usr/bin/skype flags=(complain) {
-  #include <abstractions/audio>
-  #include <abstractions/base>
-  #include <abstractions/dbus-session>
-  #include <abstractions/fonts>
-  #include <abstractions/freedesktop.org>
-  #include <abstractions/gnome>
-  #include <abstractions/ibus>
-  #include <abstractions/kde>
-  #include <abstractions/nameservice>
-  #include <abstractions/nvidia>
-  #include <abstractions/ssl_certs>
-  #include <abstractions/user-tmp>
-  #include <abstractions/X>
+  include <abstractions/audio>
+  include <abstractions/base>
+  include <abstractions/dbus-session>
+  include <abstractions/fonts>
+  include <abstractions/freedesktop.org>
+  include <abstractions/gnome>
+  include <abstractions/ibus>
+  include <abstractions/kde>
+  include <abstractions/nameservice>
+  include <abstractions/nvidia>
+  include <abstractions/ssl_certs>
+  include <abstractions/user-tmp>
+  include <abstractions/X>
 
   @{PROC}/sys/kernel/{ostype,osrelease} r,
   @{PROC}/@{pid}/net/arp r,
diff --git a/profiles/apparmor/profiles/extras/usr.bin.spamc b/profiles/apparmor/profiles/extras/usr.bin.spamc
index 56d098d72..e51ba8e2a 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.spamc
+++ b/profiles/apparmor/profiles/extras/usr.bin.spamc
@@ -12,11 +12,11 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/bin/spamc {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
+  include <abstractions/base>
+  include <abstractions/nameservice>
 
   /usr/bin/spamc r,
 }
diff --git a/profiles/apparmor/profiles/extras/usr.bin.svnserve b/profiles/apparmor/profiles/extras/usr.bin.svnserve
index d803b4b43..9aa7868d3 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.svnserve
+++ b/profiles/apparmor/profiles/extras/usr.bin.svnserve
@@ -10,11 +10,11 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/bin/svnserve {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
+  include <abstractions/base>
+  include <abstractions/nameservice>
 
   # network service ;)
   capability net_bind_service,
diff --git a/profiles/apparmor/profiles/extras/usr.bin.wireshark b/profiles/apparmor/profiles/extras/usr.bin.wireshark
index e45799fa8..a835afb34 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.wireshark
+++ b/profiles/apparmor/profiles/extras/usr.bin.wireshark
@@ -12,24 +12,24 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/bin/wireshark {
-  #include <abstractions/base>
-  #include <abstractions/bash>
-  #include <abstractions/consoles>
-  #include <abstractions/dconf>
-  #include <abstractions/dbus-session-strict>
-  #include <abstractions/ibus>
-  #include <abstractions/kde>
-  #include <abstractions/nameservice>
-  #include <abstractions/gnome>
-  #include <abstractions/user-write>
-  #include <abstractions/X>
+  include <abstractions/base>
+  include <abstractions/bash>
+  include <abstractions/consoles>
+  include <abstractions/dconf>
+  include <abstractions/dbus-session-strict>
+  include <abstractions/ibus>
+  include <abstractions/kde>
+  include <abstractions/nameservice>
+  include <abstractions/gnome>
+  include <abstractions/user-write>
+  include <abstractions/X>
 
   signal (send) peer=/usr/bin/dumpcap,
 
-  #include <abstractions/dbus-accessibility-strict>
+  include <abstractions/dbus-accessibility-strict>
   dbus (send)
        bus=session
        peer=(name=org.a11y.Bus),
diff --git a/profiles/apparmor/profiles/extras/usr.bin.xfs b/profiles/apparmor/profiles/extras/usr.bin.xfs
index e0c787ac8..17b9d06ba 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.xfs
+++ b/profiles/apparmor/profiles/extras/usr.bin.xfs
@@ -10,11 +10,11 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/bin/xfs {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
+  include <abstractions/base>
+  include <abstractions/nameservice>
 
   /					r,
   /dev/tty				wr,
diff --git a/profiles/apparmor/profiles/extras/usr.lib.GConf.2.gconfd-2 b/profiles/apparmor/profiles/extras/usr.lib.GConf.2.gconfd-2
index e2a28ded2..02ffdb4be 100644
--- a/profiles/apparmor/profiles/extras/usr.lib.GConf.2.gconfd-2
+++ b/profiles/apparmor/profiles/extras/usr.lib.GConf.2.gconfd-2
@@ -12,12 +12,12 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/lib/GConf/2/gconfd-2 {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
-  #include <abstractions/user-tmp>
+  include <abstractions/base>
+  include <abstractions/nameservice>
+  include <abstractions/user-tmp>
 
   /etc/gconf/2/path r,
   /etc/gconf/gconf.xml.defaults r,
diff --git a/profiles/apparmor/profiles/extras/usr.lib.RealPlayer10.realplay b/profiles/apparmor/profiles/extras/usr.lib.RealPlayer10.realplay
index 8a7bdd01e..a2de723a4 100644
--- a/profiles/apparmor/profiles/extras/usr.lib.RealPlayer10.realplay
+++ b/profiles/apparmor/profiles/extras/usr.lib.RealPlayer10.realplay
@@ -12,18 +12,18 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/lib/RealPlayer10/realplay {
-  #include <abstractions/base>
-  #include <abstractions/bash>
-  #include <abstractions/consoles>
-  #include <abstractions/fonts>
-  #include <abstractions/kde>
-  #include <abstractions/nameservice>
-  #include <abstractions/gnome>
-  #include <abstractions/user-download>
-  #include <abstractions/X>
+  include <abstractions/base>
+  include <abstractions/bash>
+  include <abstractions/consoles>
+  include <abstractions/fonts>
+  include <abstractions/kde>
+  include <abstractions/nameservice>
+  include <abstractions/gnome>
+  include <abstractions/user-download>
+  include <abstractions/X>
 
   /{usr/,}bin/bash mix,
   /{usr/,}bin/sed mixr,
diff --git a/profiles/apparmor/profiles/extras/usr.lib.bonobo.bonobo-activation-server b/profiles/apparmor/profiles/extras/usr.lib.bonobo.bonobo-activation-server
index 7cacb2def..e09c0b945 100644
--- a/profiles/apparmor/profiles/extras/usr.lib.bonobo.bonobo-activation-server
+++ b/profiles/apparmor/profiles/extras/usr.lib.bonobo.bonobo-activation-server
@@ -12,12 +12,12 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/lib/bonobo/bonobo-activation-server {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
-  #include <abstractions/user-tmp>
+  include <abstractions/base>
+  include <abstractions/nameservice>
+  include <abstractions/user-tmp>
 
   /etc/bonobo-activation/bonobo-activation-config.xml r,
   /usr/lib/bonobo/bonobo-activation-server rmix,
diff --git a/profiles/apparmor/profiles/extras/usr.lib.evolution-data-server.evolution-data-server-1.10 b/profiles/apparmor/profiles/extras/usr.lib.evolution-data-server.evolution-data-server-1.10
index 938f5ca86..a649fe531 100644
--- a/profiles/apparmor/profiles/extras/usr.lib.evolution-data-server.evolution-data-server-1.10
+++ b/profiles/apparmor/profiles/extras/usr.lib.evolution-data-server.evolution-data-server-1.10
@@ -12,12 +12,12 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/lib/evolution-data-server/evolution-data-server-1.10 {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
-  #include <abstractions/user-tmp>
+  include <abstractions/base>
+  include <abstractions/nameservice>
+  include <abstractions/user-tmp>
 
   /etc/mtab r,
   /etc/** r,
diff --git a/profiles/apparmor/profiles/extras/usr.lib.firefox.firefox b/profiles/apparmor/profiles/extras/usr.lib.firefox.firefox
index 96eba9124..cecf634d7 100644
--- a/profiles/apparmor/profiles/extras/usr.lib.firefox.firefox
+++ b/profiles/apparmor/profiles/extras/usr.lib.firefox.firefox
@@ -11,7 +11,7 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 # We want to confine the binaries that match:
 #  /usr/lib/firefox-4.0b8/firefox
@@ -19,13 +19,13 @@ abi <abi/3.0>,
 # but not:
 #  /usr/lib/firefox-4.0b8/firefox.sh
 /usr/lib/firefox{,-[0-9]*}/firefox{,*[^s][^h]} {
-  #include <abstractions/audio>
-  #include <abstractions/cups-client>
-  #include <abstractions/dbus-session>
-  #include <abstractions/gnome>
-  #include <abstractions/ibus>
-  #include <abstractions/kde>
-  #include <abstractions/nameservice>
+  include <abstractions/audio>
+  include <abstractions/cups-client>
+  include <abstractions/dbus-session>
+  include <abstractions/gnome>
+  include <abstractions/ibus>
+  include <abstractions/kde>
+  include <abstractions/nameservice>
 
   # for networking
   network inet stream,
diff --git a/profiles/apparmor/profiles/extras/usr.lib.firefox.firefox.sh b/profiles/apparmor/profiles/extras/usr.lib.firefox.firefox.sh
index bb12c3aa8..95a7a7de4 100644
--- a/profiles/apparmor/profiles/extras/usr.lib.firefox.firefox.sh
+++ b/profiles/apparmor/profiles/extras/usr.lib.firefox.firefox.sh
@@ -2,12 +2,12 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/lib/firefox/firefox.sh {
-  #include <abstractions/base>
-  #include <abstractions/bash>
-  #include <abstractions/consoles>
+  include <abstractions/base>
+  include <abstractions/bash>
+  include <abstractions/consoles>
 
   deny capability sys_ptrace,
 
diff --git a/profiles/apparmor/profiles/extras/usr.lib.firefox.mozilla-xremote-client b/profiles/apparmor/profiles/extras/usr.lib.firefox.mozilla-xremote-client
index 7e4346e27..bb8ca311f 100644
--- a/profiles/apparmor/profiles/extras/usr.lib.firefox.mozilla-xremote-client
+++ b/profiles/apparmor/profiles/extras/usr.lib.firefox.mozilla-xremote-client
@@ -12,11 +12,11 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/lib/firefox/mozilla-xremote-client {
-  #include <abstractions/base>
-  #include <abstractions/X>
+  include <abstractions/base>
+  include <abstractions/X>
 
   /usr/lib/mozilla/lib*so* mr,
   /usr/lib/firefox/mozilla-xremote-client rmix,
diff --git a/profiles/apparmor/profiles/extras/usr.lib.man-db.man b/profiles/apparmor/profiles/extras/usr.lib.man-db.man
index f37eaf6d8..1770359f7 100644
--- a/profiles/apparmor/profiles/extras/usr.lib.man-db.man
+++ b/profiles/apparmor/profiles/extras/usr.lib.man-db.man
@@ -11,13 +11,13 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/lib/man-db/man {
-  #include <abstractions/base>
-  #include <abstractions/bash>
-  #include <abstractions/consoles>
-  #include <abstractions/user-manpages>
+  include <abstractions/base>
+  include <abstractions/bash>
+  include <abstractions/consoles>
+  include <abstractions/user-manpages>
 
   /{usr/,}bin/bash rmix,
   /{usr/,}bin/cat rmix,
diff --git a/profiles/apparmor/profiles/extras/usr.lib64.GConf.2.gconfd-2 b/profiles/apparmor/profiles/extras/usr.lib64.GConf.2.gconfd-2
index c97900881..89925b059 100644
--- a/profiles/apparmor/profiles/extras/usr.lib64.GConf.2.gconfd-2
+++ b/profiles/apparmor/profiles/extras/usr.lib64.GConf.2.gconfd-2
@@ -12,12 +12,12 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/lib64/GConf/2/gconfd-2 {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
-  #include <abstractions/user-tmp>
+  include <abstractions/base>
+  include <abstractions/nameservice>
+  include <abstractions/user-tmp>
 
   /etc/gconf/2/path r,
   /etc/gconf/gconf.xml.defaults r,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.cupsd b/profiles/apparmor/profiles/extras/usr.sbin.cupsd
index fe76dabd7..e381e0169 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.cupsd
+++ b/profiles/apparmor/profiles/extras/usr.sbin.cupsd
@@ -2,13 +2,13 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 /usr/sbin/cupsd {
-  #include <abstractions/base>
-  #include <abstractions/bash>
-  #include <abstractions/dbus>
-  #include <abstractions/nameservice>
-  #include <abstractions/perl>
+  include <abstractions/base>
+  include <abstractions/bash>
+  include <abstractions/dbus>
+  include <abstractions/nameservice>
+  include <abstractions/perl>
 
   capability chown,
   capability dac_override,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.dhcpd b/profiles/apparmor/profiles/extras/usr.sbin.dhcpd
index 471872ec1..13f210a5d 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.dhcpd
+++ b/profiles/apparmor/profiles/extras/usr.sbin.dhcpd
@@ -10,11 +10,11 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/sbin/dhcpd {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
+  include <abstractions/base>
+  include <abstractions/nameservice>
 
   capability dac_override,
   capability net_bind_service,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.httpd2-prefork b/profiles/apparmor/profiles/extras/usr.sbin.httpd2-prefork
index 948190aa1..ada4f5634 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.httpd2-prefork
+++ b/profiles/apparmor/profiles/extras/usr.sbin.httpd2-prefork
@@ -11,16 +11,16 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/sbin/httpd2-prefork {
-  #include <abstractions/apache2-common>
-  #include <abstractions/base>
-  #include <abstractions/consoles>
-  #include <abstractions/kerberosclient>
-  #include <abstractions/nameservice>
-  #include <abstractions/perl>
-  #include <abstractions/openssl>
+  include <abstractions/apache2-common>
+  include <abstractions/base>
+  include <abstractions/consoles>
+  include <abstractions/kerberosclient>
+  include <abstractions/nameservice>
+  include <abstractions/perl>
+  include <abstractions/openssl>
 
   capability kill,
   capability net_bind_service,
@@ -132,13 +132,13 @@ abi <abi/3.0>,
 
 
   ^HANDLING_UNTRUSTED_INPUT {
-    #include <abstractions/apache2-common>
+    include <abstractions/apache2-common>
     /var/log/apache2/*     w,
   }
 
   ^DEFAULT_URI {
-    #include <abstractions/apache2-common>
-    #include <abstractions/base>
+    include <abstractions/apache2-common>
+    include <abstractions/base>
 
     # Note that mod_perl, mod_php, mod_python, etc, allows in-apache
     # execution of content regardless of 'x' permissions, as no exec(2)
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.imapd b/profiles/apparmor/profiles/extras/usr.sbin.imapd
index d0e921206..0d21823d2 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.imapd
+++ b/profiles/apparmor/profiles/extras/usr.sbin.imapd
@@ -10,14 +10,14 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/sbin/imapd {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
-  #include <abstractions/authentication>
-  #include <abstractions/user-mail>
-  #include <abstractions/openssl>
+  include <abstractions/base>
+  include <abstractions/nameservice>
+  include <abstractions/authentication>
+  include <abstractions/user-mail>
+  include <abstractions/openssl>
 
   /dev/urandom                              r,
   /tmp/*                                    rwl,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.in.fingerd b/profiles/apparmor/profiles/extras/usr.sbin.in.fingerd
index 81632b800..1bcb43b4b 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.in.fingerd
+++ b/profiles/apparmor/profiles/extras/usr.sbin.in.fingerd
@@ -10,11 +10,11 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/sbin/in.fingerd {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
+  include <abstractions/base>
+  include <abstractions/nameservice>
 
   @{HOME}/.plan          r,
   @{HOME}/.project       r,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.in.ftpd b/profiles/apparmor/profiles/extras/usr.sbin.in.ftpd
index f1bd0a215..e39356dd2 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.in.ftpd
+++ b/profiles/apparmor/profiles/extras/usr.sbin.in.ftpd
@@ -10,12 +10,12 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/sbin/in.ftpd {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
-  #include <abstractions/authentication>
+  include <abstractions/base>
+  include <abstractions/nameservice>
+  include <abstractions/authentication>
 
   /                                 r,
   /dev/urandom                      r,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.in.ntalkd b/profiles/apparmor/profiles/extras/usr.sbin.in.ntalkd
index 74c8a6adf..7b454a76a 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.in.ntalkd
+++ b/profiles/apparmor/profiles/extras/usr.sbin.in.ntalkd
@@ -10,12 +10,12 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/sbin/in.ntalkd {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
-  #include <abstractions/consoles>
+  include <abstractions/base>
+  include <abstractions/nameservice>
+  include <abstractions/consoles>
 
   /usr/sbin/in.ntalkd   r,
   /{,var/}run/utmp		r,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.ipop2d b/profiles/apparmor/profiles/extras/usr.sbin.ipop2d
index eb80c153a..c65c9c958 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.ipop2d
+++ b/profiles/apparmor/profiles/extras/usr.sbin.ipop2d
@@ -10,14 +10,14 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/sbin/ipop2d {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
-  #include <abstractions/authentication>
-  #include <abstractions/user-mail>
-  #include <abstractions/openssl>
+  include <abstractions/base>
+  include <abstractions/nameservice>
+  include <abstractions/authentication>
+  include <abstractions/user-mail>
+  include <abstractions/openssl>
 
   /dev/urandom                           r     ,
   /tmp/.*                                rwl   ,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.ipop3d b/profiles/apparmor/profiles/extras/usr.sbin.ipop3d
index b52dc6602..ca6348f5c 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.ipop3d
+++ b/profiles/apparmor/profiles/extras/usr.sbin.ipop3d
@@ -10,14 +10,14 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/sbin/ipop3d {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
-  #include <abstractions/authentication>
-  #include <abstractions/user-mail>
-  #include <abstractions/openssl>
+  include <abstractions/base>
+  include <abstractions/nameservice>
+  include <abstractions/authentication>
+  include <abstractions/user-mail>
+  include <abstractions/openssl>
 
   /dev/urandom                           r     ,
   /tmp/.*                                rwl   ,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.lighttpd b/profiles/apparmor/profiles/extras/usr.sbin.lighttpd
index 0bf98a4e0..af11fb5a9 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.lighttpd
+++ b/profiles/apparmor/profiles/extras/usr.sbin.lighttpd
@@ -11,13 +11,13 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/sbin/lighttpd {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
-  #include <abstractions/perl>
-  #include <abstractions/web-data>
+  include <abstractions/base>
+  include <abstractions/nameservice>
+  include <abstractions/perl>
+  include <abstractions/web-data>
 
   # needed to change max file descriptors
   capability sys_resource,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.mysqld b/profiles/apparmor/profiles/extras/usr.sbin.mysqld
index b5745c0d1..cd0801944 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.mysqld
+++ b/profiles/apparmor/profiles/extras/usr.sbin.mysqld
@@ -14,13 +14,13 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/sbin/mysqld {
-  #include <abstractions/base>
-  #include <abstractions/mysql>
-  #include <abstractions/nameservice>
-  #include <abstractions/user-tmp>
+  include <abstractions/base>
+  include <abstractions/mysql>
+  include <abstractions/nameservice>
+  include <abstractions/user-tmp>
 
   capability dac_override,
   capability setgid,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.oidentd b/profiles/apparmor/profiles/extras/usr.sbin.oidentd
index 334d96d3d..999cefefa 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.oidentd
+++ b/profiles/apparmor/profiles/extras/usr.sbin.oidentd
@@ -11,11 +11,11 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/sbin/oidentd {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
+  include <abstractions/base>
+  include <abstractions/nameservice>
 
   capability net_bind_service,
   capability dac_override,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.popper b/profiles/apparmor/profiles/extras/usr.sbin.popper
index c88c2ef23..3b2ef4c6e 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.popper
+++ b/profiles/apparmor/profiles/extras/usr.sbin.popper
@@ -12,13 +12,13 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/sbin/popper {
-  #include <abstractions/authentication>
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
-  #include <abstractions/user-mail>
+  include <abstractions/authentication>
+  include <abstractions/base>
+  include <abstractions/nameservice>
+  include <abstractions/user-mail>
 
   capability setgid,
   capability setuid,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.postalias b/profiles/apparmor/profiles/extras/usr.sbin.postalias
index 7346ece1f..6b5f3ccdd 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.postalias
+++ b/profiles/apparmor/profiles/extras/usr.sbin.postalias
@@ -10,14 +10,14 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/sbin/postalias {
-  #include <abstractions/base>
-  #include <abstractions/kerberosclient>
-  #include <abstractions/nameservice>
-  #include <abstractions/consoles>
-  #include <abstractions/postfix-common>
+  include <abstractions/base>
+  include <abstractions/kerberosclient>
+  include <abstractions/nameservice>
+  include <abstractions/consoles>
+  include <abstractions/postfix-common>
   /etc/aliases                         r,
   /etc/aliases.db                      rwlk,
   /etc/postfix                         r,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.postdrop b/profiles/apparmor/profiles/extras/usr.sbin.postdrop
index 22b0312c9..3b1706799 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.postdrop
+++ b/profiles/apparmor/profiles/extras/usr.sbin.postdrop
@@ -11,13 +11,13 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/sbin/postdrop {
-  #include <abstractions/base>
-  #include <abstractions/kerberosclient>
-  #include <abstractions/nameservice>
-  #include <abstractions/postfix-common>
+  include <abstractions/base>
+  include <abstractions/kerberosclient>
+  include <abstractions/nameservice>
+  include <abstractions/postfix-common>
 
   # This is needed at least for permissions=paranoid
   capability dac_override,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.postmap b/profiles/apparmor/profiles/extras/usr.sbin.postmap
index 4c605823a..b946eff96 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.postmap
+++ b/profiles/apparmor/profiles/extras/usr.sbin.postmap
@@ -10,13 +10,13 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/sbin/postmap {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
-  #include <abstractions/kerberosclient>
-  #include <abstractions/postfix-common>
+  include <abstractions/base>
+  include <abstractions/nameservice>
+  include <abstractions/kerberosclient>
+  include <abstractions/postfix-common>
 
   /etc/fstab                        r,
   /etc/mtab                         r,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.postqueue b/profiles/apparmor/profiles/extras/usr.sbin.postqueue
index e08479aae..4ca429c38 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.postqueue
+++ b/profiles/apparmor/profiles/extras/usr.sbin.postqueue
@@ -10,14 +10,14 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/sbin/postqueue {
-  #include <abstractions/base>
-  #include <abstractions/consoles>
-  #include <abstractions/nameservice>
-  #include <abstractions/kerberosclient>
-  #include <abstractions/postfix-common>
+  include <abstractions/base>
+  include <abstractions/consoles>
+  include <abstractions/nameservice>
+  include <abstractions/kerberosclient>
+  include <abstractions/postfix-common>
 
   # This is needed at least for permissions=paranoid
   capability dac_override,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.sendmail b/profiles/apparmor/profiles/extras/usr.sbin.sendmail
index b169c9b67..2392ed695 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.sendmail
+++ b/profiles/apparmor/profiles/extras/usr.sbin.sendmail
@@ -13,15 +13,15 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/sbin/sendmail {
-  #include <abstractions/base>
-  #include <abstractions/consoles>
-  #include <abstractions/kerberosclient>
-  #include <abstractions/nameservice>
-  #include <abstractions/user-tmp>
-  #include <abstractions/postfix-common>
+  include <abstractions/base>
+  include <abstractions/consoles>
+  include <abstractions/kerberosclient>
+  include <abstractions/nameservice>
+  include <abstractions/user-tmp>
+  include <abstractions/postfix-common>
 
   /usr/bin/procmail           Px,
 
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.sendmail.postfix b/profiles/apparmor/profiles/extras/usr.sbin.sendmail.postfix
index fbb73125d..23bdce2f1 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.sendmail.postfix
+++ b/profiles/apparmor/profiles/extras/usr.sbin.sendmail.postfix
@@ -10,15 +10,15 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/sbin/sendmail.postfix {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
-  #include <abstractions/consoles>
-  #include <abstractions/kerberosclient>
-  #include <abstractions/user-tmp>
-  #include <abstractions/postfix-common>
+  include <abstractions/base>
+  include <abstractions/nameservice>
+  include <abstractions/consoles>
+  include <abstractions/kerberosclient>
+  include <abstractions/user-tmp>
+  include <abstractions/postfix-common>
 
   /etc/mtab                                r,
   /etc/postfix                             r,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.sendmail.sendmail b/profiles/apparmor/profiles/extras/usr.sbin.sendmail.sendmail
index 86248d833..85f5dbd1d 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.sendmail.sendmail
+++ b/profiles/apparmor/profiles/extras/usr.sbin.sendmail.sendmail
@@ -10,11 +10,11 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/sbin/sendmail.sendmail {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
+  include <abstractions/base>
+  include <abstractions/nameservice>
 
   @{PROC}/loadavg             r,
   /etc/aliases                rw,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.spamd b/profiles/apparmor/profiles/extras/usr.sbin.spamd
index b72efbbf9..6ee9f97a2 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.spamd
+++ b/profiles/apparmor/profiles/extras/usr.sbin.spamd
@@ -12,13 +12,13 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/sbin/spamd {
-  #include <abstractions/authentication>
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
-  #include <abstractions/perl>
+  include <abstractions/authentication>
+  include <abstractions/base>
+  include <abstractions/nameservice>
+  include <abstractions/perl>
 
   capability net_bind_service,
   capability setgid,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.squid b/profiles/apparmor/profiles/extras/usr.sbin.squid
index dc8038541..a94eb3e71 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.squid
+++ b/profiles/apparmor/profiles/extras/usr.sbin.squid
@@ -11,13 +11,13 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/sbin/squid {
-  #include <abstractions/base>
-  #include <abstractions/consoles>
-  #include <abstractions/kerberosclient>
-  #include <abstractions/nameservice>
+  include <abstractions/base>
+  include <abstractions/consoles>
+  include <abstractions/kerberosclient>
+  include <abstractions/nameservice>
 
   capability setgid,
   capability setuid,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.sshd b/profiles/apparmor/profiles/extras/usr.sbin.sshd
index b231d51dc..8a04a5225 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.sshd
+++ b/profiles/apparmor/profiles/extras/usr.sbin.sshd
@@ -16,15 +16,15 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/sbin/sshd {
-  #include <abstractions/authentication>
-  #include <abstractions/base>
-  #include <abstractions/consoles>
-  #include <abstractions/libpam-systemd>
-  #include <abstractions/nameservice>
-  #include <abstractions/wutmp>
+  include <abstractions/authentication>
+  include <abstractions/base>
+  include <abstractions/consoles>
+  include <abstractions/libpam-systemd>
+  include <abstractions/nameservice>
+  include <abstractions/wutmp>
 
   capability sys_chroot,
   capability sys_resource,
@@ -101,9 +101,9 @@ abi <abi/3.0>,
   # to set memory protection for passwd
   @{PROC}/@{pid}/task/@{pid}/attr/exec w,
   profile passwd {
-    #include <abstractions/authentication>
-    #include <abstractions/base>
-    #include <abstractions/nameservice>
+    include <abstractions/authentication>
+    include <abstractions/base>
+    include <abstractions/nameservice>
 
     capability audit_write,
     capability chown,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.useradd b/profiles/apparmor/profiles/extras/usr.sbin.useradd
index 5205eae1c..1b38a0e42 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.useradd
+++ b/profiles/apparmor/profiles/extras/usr.sbin.useradd
@@ -11,16 +11,16 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/sbin/useradd {
-  #include <abstractions/authentication>
-  #include <abstractions/base>
-  #include <abstractions/bash>
-  #include <abstractions/perl>
-  #include <abstractions/consoles>
-  #include <abstractions/nameservice>
-  #include <abstractions/wutmp>
+  include <abstractions/authentication>
+  include <abstractions/base>
+  include <abstractions/bash>
+  include <abstractions/perl>
+  include <abstractions/consoles>
+  include <abstractions/nameservice>
+  include <abstractions/wutmp>
 
   capability audit_write,
   capability chown,
@@ -62,9 +62,9 @@ abi <abi/3.0>,
   /var/spool/mail/* rw,
 
   profile pam_tally2 {
-    #include <abstractions/base>
-    #include <abstractions/consoles>
-    #include <abstractions/nameservice>
+    include <abstractions/base>
+    include <abstractions/consoles>
+    include <abstractions/nameservice>
 
     capability audit_write,
 
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.userdel b/profiles/apparmor/profiles/extras/usr.sbin.userdel
index 5494609e0..138a5b1eb 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.userdel
+++ b/profiles/apparmor/profiles/extras/usr.sbin.userdel
@@ -11,16 +11,16 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/sbin/userdel {
-  #include <abstractions/authentication>
-  #include <abstractions/base>
-  #include <abstractions/bash>
-  #include <abstractions/consoles>
-  #include <abstractions/perl>
-  #include <abstractions/nameservice>
-  #include <abstractions/wutmp>
+  include <abstractions/authentication>
+  include <abstractions/base>
+  include <abstractions/bash>
+  include <abstractions/consoles>
+  include <abstractions/perl>
+  include <abstractions/nameservice>
+  include <abstractions/wutmp>
 
   capability chown,
   capability dac_override,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.vsftpd b/profiles/apparmor/profiles/extras/usr.sbin.vsftpd
index b527efa7d..0027fbae0 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.vsftpd
+++ b/profiles/apparmor/profiles/extras/usr.sbin.vsftpd
@@ -11,12 +11,12 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/sbin/vsftpd {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
-  #include <abstractions/authentication>
+  include <abstractions/base>
+  include <abstractions/nameservice>
+  include <abstractions/authentication>
 
   /dev/urandom               r,
   /etc/environment           r,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.xinetd b/profiles/apparmor/profiles/extras/usr.sbin.xinetd
index b164bfa13..857fcd4e3 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.xinetd
+++ b/profiles/apparmor/profiles/extras/usr.sbin.xinetd
@@ -10,11 +10,11 @@
 
 abi <abi/3.0>,
 
-#include <tunables/global>
+include <tunables/global>
 
 /usr/sbin/xinetd {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
+  include <abstractions/base>
+  include <abstractions/nameservice>
 
   capability net_bind_service,
   capability setgid,