diff --git a/aa_mod.patch b/aa_mod.patch
index ae0eb7b..b9a43b9 100644
--- a/aa_mod.patch
+++ b/aa_mod.patch
@@ -1,5 +1,5 @@
 diff --git a/nixos/modules/security/apparmor.nix b/nixos/modules/security/apparmor.nix
-index a4b3807e4e0f..c7c879c39d12 100644
+index a4b3807e4e0f..87a2c2c81feb 100644
 --- a/nixos/modules/security/apparmor.nix
 +++ b/nixos/modules/security/apparmor.nix
 @@ -3,15 +3,11 @@
@@ -20,9 +20,12 @@ index a4b3807e4e0f..c7c879c39d12 100644
 in
 {
-@@ -47,13 +43,30 @@ in
+@@ -45,15 +41,30 @@ in
+ description = ''
+ AppArmor policies.
 '';
- type = types.attrsOf (types.submodule ({ name, config, ... }: {
+- type = types.attrsOf (types.submodule ({ name, config, ... }: {
++ type = types.attrsOf (types.submodule ({ name, config, options, ... }: {
 options = {
 - enable = mkDisableOption "loading of the profile into the kernel";
 - enforce = mkDisableOption "enforcing of the policy or only complain in the logs";
@@ -46,16 +49,14 @@ index a4b3807e4e0f..c7c879c39d12 100644
 + type = types.nullOr types.path;
 + default = null;
 + description = "A path of a profile to include. Incompatible with profile.";
-+ apply = p: let
-+ inherit (config) profile;
-+ in assert (assertMsg ((p != null && profile == "") || (p == null && profile != ""))
++ apply = p: assert (assertMsg ((p != null && !options.profile.isDefined) || (p == null && options.profile.isDefined))
 + "`security.apparmor.policies.\"${name}\"` must define exactly one of either path or profile.");
-+ (if (p != null) then p else (pkgs.writeText name profile));
++ (if (p != null) then p else (pkgs.writeText name config.profile));
 + };
 };
 }));
 default = {};
-@@ -108,7 +121,7 @@ in
+@@ -108,7 +119,7 @@ in
 environment.etc."apparmor.d".source = pkgs.linkFarm "apparmor.d" (
 # It's important to put only enabledPolicies here and not all cfg.policies
 # because aa-remove-unknown reads profiles from all /etc/apparmor.d/*
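Review bot: The exclusivity check between `path` and `profile` runs only when `config.path` is forced, because it lives in `path`'s `apply`, and it then fails as a bare evaluation `assert` rather than as a module assertion; a policy whose `path` is never consumed (which looks possible if `enabledPolicies` filters on `enable` before reading `path` — the consumer is outside this hunk) is never validated at all. If every policy is meant to be checked, the rule has to be evaluated where all of `cfg.policies` is iterated, since a submodule cannot reach the top-level `assertions` option. Separately, `apply` turns a `null` path into `pkgs.writeText name config.profile`, so after evaluation `config.path` is never null despite the `nullOr` type, and the description should say so, for example `description = "Path of an existing profile file to use for this policy. Incompatible with profile; after evaluation this is never null, since a missing path is replaced by a file generated from profile.";`. The enclosing `policies` option body begins and ends outside the hunk.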
@@ -64,7 +65,7 @@ index a4b3807e4e0f..c7c879c39d12 100644
 mapAttrsToList (name: path: { inherit name path; }) cfg.includes
 );
 environment.etc."apparmor/parser.conf".text = ''
-@@ -187,7 +200,7 @@ in
+@@ -187,7 +198,7 @@ in
 xargs --verbose --no-run-if-empty --delimiter='\n' \
 kill
 '';
diff --git a/common/tooling/apparmor/apparmor-d-module.nix b/common/tooling/apparmor/apparmor-d-module.nix
index 11ce76c..c358d36 100644
--- a/common/tooling/apparmor/apparmor-d-module.nix
+++ b/common/tooling/apparmor/apparmor-d-module.nix
@@ -25,11 +25,11 @@ let
 security.apparmor.packages = [ apparmor-d ];
 security.apparmor.policies = mapAttrs (name: state: {
 inherit state;
- profile = let
+ path = let
 file = "${apparmor-d}/etc/apparmor.d/${name}";
 in assert assertMsg (pathIsRegularFile file) "profile ${name} not found in apparmor.d path (${file})";
- ''include "${file}"'';
+ file;
 }) cfg.profiles;
 specialisation.no-apparmor.configuration = {