How do I create a default fallback profile for any process that doesn't have one in AppArmor?
Is there a way to specify a default profile on any executable that doesn't have a profile already defined?
The idea is to avoid any unconstrained processes.
According to the mailing list, there could be a way to generate such a default profile in this way:
    profile default /** {
      # insert default profile rules here
    }
Sources: "Generate a default/fallback profile? No blacklisting" and the responses that follow.
Note that "Currently setting a default profile that applies to the whole system from boot is a bit of a pain but we do have plans to improve that. Unfortunately there is enough other work happen that I don't see it happen soon." from John Johansen's response here.
Anyone interested is requested to read the thread in its entirety.
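To check whether anything is still running outside an enforced profile once a fallback like the one above is loaded, the following added example (not part of the original answer or the mailing-list thread) reads each task's label from /proc/<pid>/attr/current. It assumes AppArmor is the active LSM; the function names and the sample process tree are constructed for illustration.

```python
import os
import re

LABEL_RE = re.compile(r"^(?P<profile>.+) \((?P<mode>[a-z]+)\)$")  # "<profile name> (<mode>)"

def parse_label(raw):
    """Return (profile, mode); mode is None when the task is unconfined."""
    m = LABEL_RE.match(raw.strip())
    return (m.group("profile"), m.group("mode")) if m else (raw.strip(), None)

def audit(proc_root="/proc"):
    """Map PID -> (comm, profile, mode) from <proc_root>/<pid>/attr/current."""
    report = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        base = os.path.join(proc_root, entry)
        try:
            with open(os.path.join(base, "attr", "current")) as f:
                profile, mode = parse_label(f.read())
            with open(os.path.join(base, "comm")) as f:
                comm = f.read().strip()
        except OSError:
            continue  # task exited, or the label is not readable
        report[int(entry)] = (comm, profile, mode)
    return report

def not_enforced(report):
    """PIDs that are unconfined or in a non-enforcing mode such as complain."""
    return sorted(pid for pid, (_, _, mode) in report.items() if mode != "enforce")

def build_sample_tree(root):
    """Constructed sample data standing in for /proc; not captured output."""
    sample = {
        1: ("systemd", "unconfined\n"),
        412: ("cupsd", "/usr/sbin/cupsd (enforce)\n"),
        977: ("mytool", "default (enforce)\n"),  # picked up by the fallback profile
        1203: ("exampled", "/usr/bin/exampled (complain)\n"),
    }
    for pid, (comm, label) in sample.items():
        os.makedirs(os.path.join(root, str(pid), "attr"))
        for name, text in (("comm", comm + "\n"), (os.path.join("attr", "current"), label)):
            with open(os.path.join(root, str(pid), name), "w") as f:
                f.write(text)

if __name__ == "__main__":
    report = audit()  # live /proc; run as root to see every task's label
    for pid in not_enforced(report):
        print(pid, *report[pid])
```

An empty result means every readable task is under an enforced profile; tasks started before the profiles were loaded, such as PID 1 in the sample, are the ones that typically remain listed.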