diff --git a/utils/apparmor/aa.py b/utils/apparmor/aa.py index 8ed94dbdd..8fefbe7d1 100644 --- a/utils/apparmor/aa.py +++ b/utils/apparmor/aa.py @@ -813,11 +813,6 @@ def ask_exec(hashlog): for aamode in hashlog: for full_profile in hashlog[aamode]: - if '//' in hashlog[aamode][full_profile]['final_name'] and hashlog[aamode][full_profile]['exec'].keys(): - # TODO: is this really needed? Or would removing Cx from the options be good enough? - aaui.UI_Important('WARNING: Ignoring exec event in %s, nested profiles are not supported yet.' % hashlog[aamode][full_profile]['final_name']) - continue - profile, hat = split_name(full_profile) # XXX temporary solution to avoid breaking the existing code for exec_target in hashlog[aamode][full_profile]['exec']: @@ -848,7 +843,9 @@ def ask_exec(hashlog): ##options = 'i' # Don't allow hats to cx? - options.replace('c', '') + if '//' in hashlog[aamode][full_profile]['final_name'] and hashlog[aamode][full_profile]['exec'].keys(): + options = options.replace('c', '') + # Add deny to options options += 'd' # Define the default option
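Review bot: In the second hunk, the `hashlog[aamode][full_profile]['exec'].keys()` half of the new condition looks redundant. If these lines sit inside the `for exec_target in hashlog[aamode][full_profile]['exec']:` loop shown in the first hunk (inferred, since `ask_exec` starts and ends outside both hunks), that dict is never empty here, and `if '//' in hashlog[aamode][full_profile]['final_name']:` says the same thing. With the early `continue` removed, this guard is the only thing that keeps a child-profile transition from being offered for an exec event logged inside an already nested profile. The comment above it still reads as an open question, so I would replace `# Don't allow hats to cx?` with a statement such as `# Nested child profiles are not supported: never offer cx when final_name already names a child profile or hat`. A test that passes an exec event whose `final_name` contains `//` and asserts that `'c'` is absent from the offered options would pin the behaviour, since the old `options.replace('c', '')` was silently a no-op.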