[13:56] <Khepra> Hello. Can anyone tell me if apparmor in debian (I'm assuming this channel is upstream for AA?), userland version 2.13.6, kernel 5.10, is broken? Apparently specificity in rule matching for "audit deny" rules doesn't work.    if I have   audit deny /some/path/to/file rw,     but later I have /** mrixk,     that path, even if more specific than /**  , will not be denied
[13:57] <Khepra>  /** mrwixk I mean , yes, w is there, but I'm really testing rix for the specific path
[14:01] <Khepra> I was also under impression that denials cannot be overriden. once denied, no additional rule can overturn that