[apparmor] Understanding child profiles and file_inherit

[Vincas Dargis]

On 2017.11.12 16:16, intrigeri wrote:
> Sorry, I have no good solution to propose. Either you need to
> explicitly deny each inherited file. Or you can deny everything ("deny
> /**") and then add exceptions for what locale really needs to access,

Doesn't deny overrides everything what is allowed? Not sure if that "exceptions" could work when `deny` is already in place.

Anyway, I guess I can simply explicitly deny file_inherit cases, and any new occurrences could be treated as 
low-priority-almost-wonfix :) .