AA denied access to /boot/initrd.img-2.6.35-23-generic because you explicitly did not allow the application to access that file in its AA profile. This is of course logged.
But what I'm talking about is this: if I add this line to usr.bin.evince
deny /boot/initrd.img-2.6.35-23-generic r,
and then attempt to open the initrd file using evince, the access will be denied AND it will not be logged. BTW the quote you gave ("deny rules - In a profile any rule with the deny prefix will cause quieting of rejects matching the rule. ") IMO confirms this.
My original question was: can this behavior be applied to the network rule as well?
It should work yes, and if it does not, please file a bug report, lol.
There are two mistakes one can make along the road to truth...not going all the way, and not starting.
--Prince Gautama Siddharta