I am trying to install a driver for my Brother printer/scanner (DCP-9020CDW). Brother provides Linux drivers (printer drivers are libre; scanner drivers are not). One of the requirements before installing is to run
$sudo aa-complain cupsd
which, according to the manual, means that "security policy is not enforced but rather access violations are logged to the system log".
Asking to disable security policies before installing new packages/drivers from outside the official repositories sounds suspicious to me. Am I being too paranoid, and is there anything sensible I can do apart from just not using my scanner*?
*There's an open-source PPD file for the printer, though I haven't tried installing it yet.
In lack of any better answers, I've concluded that it's a bad idea to disable security policies unless one really understands or trusts the process. This might mean something cannot be installed or an alternative method is necessary.
In this case, I eventually managed to avoid using aa-complain by not using the Brother script that required this; instead, I manually installed the individual drivers and applied the changes that the script would do automatically (not describing the process here because it's not directly relevant to the question).