CapConfig defines the allowed or denied kernel capabilities for a profile.
FsConfig defines the filesystem options for a profile.
NetConfig defines the network options for a profile. For example you probably don't need NetworkRaw if your application doesn't `ping`. Currently limited to AppArmor 2.3-2.6 rules.
ProfileConfig defines the config for an apparmor profile to be generated from.
Generate uses the baseTemplate to generate an apparmor profile for the ProfileConfig passed.
Install takes a profile config, generates the profile and installs it in the given directory with `apparmor_parser`.