diff --git a/apparmor.d/abstractions/app/kmod b/apparmor.d/abstractions/app/kmod
new file mode 100644
index 00000000..ae6b1cd7
--- /dev/null
+++ b/apparmor.d/abstractions/app/kmod
@@ -0,0 +1,22 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+  include <abstractions/consoles>
+
+  @{bin}/kmod mr,
+
+  @{lib}/modprobe.d/ r,
+  @{lib}/modprobe.d/*.conf r,
+
+  /etc/depmod.d/ r,
+  /etc/depmod.d/*.conf r,
+  /etc/modprobe.d/ r,
+  /etc/modprobe.d/*.conf r,
+
+  @{PROC}/cmdline r,
+  @{PROC}/modules r,
+
+  include if exists <abstractions/app/kmod.d>
+
+# vim:syntax=apparmor
diff --git a/apparmor.d/groups/children/child-modprobe-nvidia b/apparmor.d/groups/children/child-modprobe-nvidia
index d1f45de1..1812463f 100644
--- a/apparmor.d/groups/children/child-modprobe-nvidia
+++ b/apparmor.d/groups/children/child-modprobe-nvidia
@@ -57,14 +57,11 @@ profile child-modprobe-nvidia flags=(attach_disconnected) {
 
   profile kmod {
     include <abstractions/base>
-    include <abstractions/consoles>
+    include <abstractions/app/kmod>
 
     capability mknod,
     # capability sys_module,
 
-    @{bin}/kmod mr,
-
-    /etc/modprobe.d/{,*.conf} r,
     /etc/nvidia/{current,legacy*,tesla*}/*.conf r,
 
     # @{sys}/module/ipmi_devintf/initstate r,
@@ -72,8 +69,6 @@ profile child-modprobe-nvidia flags=(attach_disconnected) {
     # @{sys}/module/{drm,nvidia}/initstate r,
     @{sys}/module/compression r,
 
-    @{PROC}/cmdline r,
-
     include if exists <local/child-modprobe-nvidia_kmod>
   }
 
diff --git a/apparmor.d/groups/freedesktop/cpupower b/apparmor.d/groups/freedesktop/cpupower
index c49362bb..0b1d0ead 100644
--- a/apparmor.d/groups/freedesktop/cpupower
+++ b/apparmor.d/groups/freedesktop/cpupower
@@ -43,15 +43,9 @@ profile cpupower @{exec_path} {
 
   profile kmod {
     include <abstractions/base>
+    include <abstractions/app/kmod>
 
-    @{bin}/kmod mr,
-
-    @{PROC}/cmdline r,
-    #@{PROC}/modules r,
-
-    /etc/modprobe.d/ r,
-    /etc/modprobe.d/*.conf r,
-
+    include if exists <local/cpupower_kmod>
   }
 
   include if exists <local/cpupower>
diff --git a/apparmor.d/profiles-a-f/check-bios-nx b/apparmor.d/profiles-a-f/check-bios-nx
index 4873d3e0..9efa992f 100644
--- a/apparmor.d/profiles-a-f/check-bios-nx
+++ b/apparmor.d/profiles-a-f/check-bios-nx
@@ -32,17 +32,11 @@ profile check-bios-nx @{exec_path} {
 
   profile kmod {
     include <abstractions/base>
+    include <abstractions/app/kmod>
 
-    @{bin}/kmod mr,
-
-    /etc/modprobe.d/ r,
-    /etc/modprobe.d/*.conf r,
-    @{lib}/modprobe.d/ r,
-    @{lib}/modprobe.d/*.conf r,
     @{lib}/modules/*/modules.* r,
 
-    @{PROC}/cmdline r,
-
+    include if exists <local/check-bios-nx_kmod>
   }
 
   include if exists <local/check-bios-nx>
diff --git a/apparmor.d/profiles-a-f/dkms b/apparmor.d/profiles-a-f/dkms
index 90206b44..03fab4ec 100644
--- a/apparmor.d/profiles-a-f/dkms
+++ b/apparmor.d/profiles-a-f/dkms
@@ -97,20 +97,14 @@ profile dkms @{exec_path} flags=(attach_disconnected) {
 
   profile kmod {
     include <abstractions/base>
-    include <abstractions/consoles>
-
-    @{bin}/kmod mr,
-
-    @{PROC}/cmdline r,
-
-    /etc/depmod.d/{,*} r,
+    include <abstractions/app/kmod>
 
     @{lib}/modules/*/modules.* rw,
     /var/lib/dkms/**/module/*.ko* r,
 
     owner /boot/System.map-* r,
 
-    owner @{tmp}/tmp.* r,
+    audit owner @{tmp}/tmp.* r,
 
     @{sys}/module/compression r,
 
diff --git a/apparmor.d/profiles-g-l/hardinfo b/apparmor.d/profiles-g-l/hardinfo
index 02ac63e6..9cadb774 100644
--- a/apparmor.d/profiles-g-l/hardinfo
+++ b/apparmor.d/profiles-g-l/hardinfo
@@ -184,15 +184,13 @@ profile hardinfo @{exec_path} {
 
   profile kmod {
     include <abstractions/base>
-
-    @{bin}/kmod mr,
+    include <abstractions/app/kmod>
 
     @{sys}/module/** r,
 
-    @{PROC}/cmdline r,
-    @{PROC}/modules r,
     @{PROC}/ioports r,
 
+    include if exists <local/hardinfo_kmod>
   }
 
   include if exists <local/hardinfo>
diff --git a/apparmor.d/profiles-g-l/hwinfo b/apparmor.d/profiles-g-l/hwinfo
index f56dd2b1..f7953e34 100644
--- a/apparmor.d/profiles-g-l/hwinfo
+++ b/apparmor.d/profiles-g-l/hwinfo
@@ -68,20 +68,13 @@ profile hwinfo @{exec_path} {
 
   profile kmod {
     include <abstractions/base>
-    include <abstractions/consoles>
-
-    @{bin}/kmod mr,
-
-    /etc/modprobe.d/{,*.conf} r,
+    include <abstractions/app/kmod>
 
     owner @{tmp}/hwinfo*.txt rw,
 
     @{sys}/devices/@{pci}/drm/card@{int}/ r,
 
-    @{PROC}/cmdline r,
-    @{PROC}/modules r,
-
-    include if exists <local/hwinfo_udevadm>
+    include if exists <local/hwinfo_kmod>
   }
 
   profile udevadm {
diff --git a/apparmor.d/profiles-g-l/ifup b/apparmor.d/profiles-g-l/ifup
index 74cf07da..605c26f9 100644
--- a/apparmor.d/profiles-g-l/ifup
+++ b/apparmor.d/profiles-g-l/ifup
@@ -96,17 +96,11 @@ profile ifup @{exec_path} {
 
   profile kmod {
     include <abstractions/base>
-
-    @{bin}/kmod mr,
+    include <abstractions/app/kmod>
 
     @{sys}/module/** r,
 
-    @{PROC}/cmdline r,
-    @{PROC}/modules r,
-
-    /etc/modprobe.d/ r,
-    /etc/modprobe.d/*.conf r,
-
+    include if exists <local/ifup_kmod>
   }
 
   profile sysctl {
diff --git a/apparmor.d/profiles-g-l/inxi b/apparmor.d/profiles-g-l/inxi
index aba281c3..0dbe0368 100644
--- a/apparmor.d/profiles-g-l/inxi
+++ b/apparmor.d/profiles-g-l/inxi
@@ -145,11 +145,7 @@ profile inxi @{exec_path} {
 
   profile kmod {
     include <abstractions/base>
-
-    @{bin}/kmod mr,
-
-    @{PROC}/cmdline r,
-    @{PROC}/modules r,
+    include <abstractions/app/kmod>
 
     include if exists <local/inxi_kmod>
   }
diff --git a/apparmor.d/profiles-g-l/kernel-install b/apparmor.d/profiles-g-l/kernel-install
index 93cb01b1..808528ce 100644
--- a/apparmor.d/profiles-g-l/kernel-install
+++ b/apparmor.d/profiles-g-l/kernel-install
@@ -33,7 +33,14 @@ profile kernel-install @{exec_path} {
   /etc/kernel/install.d/ r,
   /etc/kernel/install.d/*.install rix,
 
-  owner @{tmp}/sh-thd.* rw,
+  @{lib}/os-release r,
+  /etc/kernel/cmdline r,
+  /etc/kernel/tries r,
+  /etc/machine-id r,
+  /etc/os-release r,
+  /var/lib/dbus/machine-id r,
+
+  @{lib}/modules/*/modules.* w,
 
   owner /boot/{vmlinuz,initrd.img}-* r,
   owner /boot/[a-f0-9]*/*/ rw,
@@ -42,25 +49,15 @@ profile kernel-install @{exec_path} {
   owner /boot/loader/entries/ rw,
   owner /boot/loader/entries/*.conf w,
 
-  @{lib}/modules/*/modules.* w,
+  owner @{tmp}/sh-thd.* rw,
 
-  /etc/os-release r,
-  @{lib}/os-release r,
-
-  /etc/kernel/tries r,
-
-  /etc/kernel/cmdline r,
   @{PROC}/cmdline r,
 
-  /var/lib/dbus/machine-id r,
-  /etc/machine-id r,
-
-
-  profile kmod flags=(complain) {
+  profile kmod {
     include <abstractions/base>
+    include <abstractions/app/kmod>
 
-    @{bin}/kmod mr,
-
+    include if exists <local/kernel-install_kmod>
   }
 
   include if exists <local/kernel-install>
diff --git a/apparmor.d/profiles-g-l/kvm-ok b/apparmor.d/profiles-g-l/kvm-ok
index a023293f..22e08714 100644
--- a/apparmor.d/profiles-g-l/kvm-ok
+++ b/apparmor.d/profiles-g-l/kvm-ok
@@ -32,16 +32,9 @@ profile kvm-ok @{exec_path} {
 
   profile kmod {
     include <abstractions/base>
+    include <abstractions/app/kmod>
 
-    @{bin}/kmod mr,
-
-    /etc/modprobe.d/ r,
-    /etc/modprobe.d/*.conf r,
-    @{lib}/modprobe.d/ r,
-    @{lib}/modprobe.d/*.conf r,
-
-    @{PROC}/cmdline r,
-
+    include if exists <local/kvm-ok_kmod>
   }
 
   include if exists <local/kvm-ok>
diff --git a/apparmor.d/profiles-m-r/mkinitramfs b/apparmor.d/profiles-m-r/mkinitramfs
index 30bc6afd..692d7918 100644
--- a/apparmor.d/profiles-m-r/mkinitramfs
+++ b/apparmor.d/profiles-m-r/mkinitramfs
@@ -159,16 +159,7 @@ profile mkinitramfs @{exec_path} {
 
   profile kmod {
     include <abstractions/base>
-    include <abstractions/consoles>
-
-    @{bin}/kmod mr,
-
-    @{PROC}/cmdline r,
-
-    /etc/depmod.d/ r,
-    /etc/depmod.d/*.conf r,
-    /etc/modprobe.d/ r,
-    /etc/modprobe.d/*.conf r,
+    include <abstractions/app/kmod>
 
     owner /var/tmp/mkinitramfs_*/usr/lib/modules/*/ r,
     owner /var/tmp/mkinitramfs_*/usr/lib/modules/*/modules.* rw,
diff --git a/apparmor.d/profiles-s-z/sensors-detect b/apparmor.d/profiles-s-z/sensors-detect
index 57704192..5eececb0 100644
--- a/apparmor.d/profiles-s-z/sensors-detect
+++ b/apparmor.d/profiles-s-z/sensors-detect
@@ -48,13 +48,7 @@ profile sensors-detect @{exec_path} {
 
   profile kmod {
     include <abstractions/base>
-
-    @{bin}/kmod mr,
-
-    @{lib}/modprobe.d/{,*.conf} r,
-    /etc/modprobe.d/{,*.conf} r,
-
-    @{PROC}/cmdline r,
+    include <abstractions/app/kmod>
 
     include if exists <local/sensors-detect_udevadm>
   }
diff --git a/apparmor.d/profiles-s-z/spectre-meltdown-checker b/apparmor.d/profiles-s-z/spectre-meltdown-checker
index 98d67718..33c02ce4 100644
--- a/apparmor.d/profiles-s-z/spectre-meltdown-checker
+++ b/apparmor.d/profiles-s-z/spectre-meltdown-checker
@@ -168,20 +168,13 @@ profile spectre-meltdown-checker @{exec_path} {
 
   profile kmod {
     include <abstractions/base>
-    include <abstractions/consoles>
+    include <abstractions/app/kmod>
 
     capability sys_module,
 
     owner @{sys}/module/cpuid/** r,
     owner @{sys}/module/msr/** r,
 
-    @{bin}/kmod mr,
-
-    /etc/modprobe.d/ r,
-    /etc/modprobe.d/*.conf r,
-
-    @{PROC}/cmdline r,
-
     include if exists <local/spectre-meltdown-checker_kmod>
   }