diff --git a/pkg/aa/profile.go b/pkg/aa/profile.go
index 0af3dede..9b548306 100644
--- a/pkg/aa/profile.go
+++ b/pkg/aa/profile.go
@@ -87,15 +87,16 @@ func (p *AppArmorProfile) AddRule(log map[string]string) {
 case "net":
 p.Rules = append(p.Rules, NetworkFromLog(log))
 case "mount":
- p.Rules = append(p.Rules, MountFromLog(log))
- case "remount":
- p.Rules = append(p.Rules, RemountFromLog(log))
- case "umount":
- p.Rules = append(p.Rules, UmountFromLog(log))
- case "pivot_root":
- p.Rules = append(p.Rules, PivotRootFromLog(log))
- case "change_profile":
- p.Rules = append(p.Rules, RemountFromLog(log))
+ switch log["operation"] {
+ case "mount":
+ p.Rules = append(p.Rules, MountFromLog(log))
+ case "umount":
+ p.Rules = append(p.Rules, UmountFromLog(log))
+ case "remount":
+ p.Rules = append(p.Rules, RemountFromLog(log))
+ case "pivotroot":
+ p.Rules = append(p.Rules, PivotRootFromLog(log))
+ }
 case "mqueue":
 p.Rules = append(p.Rules, MqueueFromLog(log))
 case "signal":
@@ -107,7 +108,11 @@ func (p *AppArmorProfile) AddRule(log map[string]string) {
 case "unix":
 p.Rules = append(p.Rules, UnixFromLog(log))
 case "file":
- p.Rules = append(p.Rules, FileFromLog(log))
+ if log["operation"] == "change_onexec" {
+ p.Rules = append(p.Rules, ChangeProfileFromLog(log))
+ } else {
+ p.Rules = append(p.Rules, FileFromLog(log))
+ }
 default:
 if strings.Contains(log["operation"], "dbus") {
 p.Rules = append(p.Rules, DbusFromLog(log))
diff --git a/pkg/aa/template.go b/pkg/aa/template.go
index e80ef52d..b6136635 100644
--- a/pkg/aa/template.go
+++ b/pkg/aa/template.go
@@ -33,6 +33,7 @@ var (
 // TODO: Should be a map of slice, not exhaustive yet
 maskToAccess = map[string]string{
 "a": "w",
+ "ac": "w",
 "c": "w",
 "d": "w",
 "k": "k",
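Review bot: The new inner `switch log["operation"]` under `case "mount":` has no `default`, so a mount-class log whose operation is none of mount/umount/remount/pivotroot now appends nothing and reports nothing; before this change such a log at least reached the outer `default:` branch. Since this code turns audit logs into profile rules, a silently skipped event means the generated profile lacks a rule that the user will only discover as a denial at runtime, so a `default:` that records the unhandled operation with whatever the package uses for diagnostics would be safer than dropping it. The rename from `pivot_root` to `pivotroot` looks intentional but is only correct if that is the spelling the log parser emits for this operation; a fixture-driven test for each of the four operations would pin it. AddRule starts and ends outside this hunk.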
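Review bot: In the `case "file":` hunk only `change_onexec` is routed to ChangeProfileFromLog, while the removed `case "change_profile":` (previously, and wrongly, sent to RemountFromLog) was the only place that operation was named, so a `change_profile` event now falls through to FileFromLog if the parser reports it under the file class, and the generator would emit a file rule for what is a profile transition. If both operations are meant to produce change_profile rules, the condition could read `if op := log["operation"]; op == "change_onexec" || op == "change_profile" {`. If change_profile is intentionally unsupported, a comment on the `if` stating that would keep the next reader from re-adding it by mistake. The enclosing AddRule switch continues outside the hunk on both sides.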
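Review bot: `maskToAccess` is keyed by the exact mask string, so the new `"ac": "w"` entry covers only that one spelling; any other multi-character mask containing `a` or `c` still misses the table, and the TODO directly above already flags that the map is not exhaustive. The value is consistent with the existing `"a"` and `"c"` entries, so the mapping itself looks right. A short comment on the new line, such as `// composite mask seen in logs; a per-character lookup would make combined keys unnecessary`, would record why a combined key sits in a table of single-letter keys.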