as i mentioned earlier, i am doing web infrastructure refactoring in my network, now i am switching to php-fpm from apache, and want to create apparmor profile for every instance of php-fpm pool, i have found what it is possible with apparmor_hat, i also have found some hint here , but unfortunately apparmor profiles syntax have changed since this article write time, so i am getting :

aa-complain php-fpm-main
Setting /etc/apparmor.d/php-fpm-main to complain mode.

ERROR: Warning from /etc/apparmor.d/php-fpm-main (/etc/apparmor.d/php-fpm-main line 51): The use of file paths as profile names is deprecated. See man apparmor.d for more information
Found reference to variable pid, but is never declared

for config provided in article, as i understand now-days apparmor used some different method to load profiles from directory, will be glad for any suggestions, i am not able to find required information by myself, looks like it not described in man apparmor.d
nevermind, it's apparmor upstream undocumented non (yet?) working changes