diff --git a/apparmor.d/groups/apt/apt-key b/apparmor.d/groups/apt/apt-key index 25a53282..f73df39d 100644 --- a/apparmor.d/groups/apt/apt-key +++ b/apparmor.d/groups/apt/apt-key @@ -102,7 +102,7 @@ profile apt-key @{exec_path} { owner @{PROC}/@{pid}/fd/ r, owner @{PROC}/@{pid}/task/@{tid}/comm rw, - include if exists + include if exists } include if exists diff --git a/apparmor.d/groups/apt/debconf-apt-progress b/apparmor.d/groups/apt/debconf-apt-progress index 7b80201d..4ddcca5c 100644 --- a/apparmor.d/groups/apt/debconf-apt-progress +++ b/apparmor.d/groups/apt/debconf-apt-progress @@ -46,6 +46,7 @@ profile debconf-apt-progress @{exec_path} flags=(complain) { /etc/shadow r, + include if exists } include if exists diff --git a/apparmor.d/groups/apt/dpkg-architecture b/apparmor.d/groups/apt/dpkg-architecture index e5ccb2f8..a5825727 100644 --- a/apparmor.d/groups/apt/dpkg-architecture +++ b/apparmor.d/groups/apt/dpkg-architecture @@ -45,6 +45,7 @@ profile dpkg-architecture @{exec_path} { /etc/debian_version r, + include if exists } include if exists diff --git a/apparmor.d/groups/cron/cron b/apparmor.d/groups/cron/cron index 61dce67d..7db10924 100644 --- a/apparmor.d/groups/cron/cron +++ b/apparmor.d/groups/cron/cron @@ -74,7 +74,7 @@ profile cron @{exec_path} flags=(attach_disconnected) { owner @{tmp}/#@{int} rw, - include if exists + include if exists } include if exists diff --git a/apparmor.d/groups/cron/cron-apt-listbugs b/apparmor.d/groups/cron/cron-apt-listbugs index f2623dbf..1b3f40d8 100644 --- a/apparmor.d/groups/cron/cron-apt-listbugs +++ b/apparmor.d/groups/cron/cron-apt-listbugs @@ -33,6 +33,7 @@ profile cron-apt-listbugs @{exec_path} { /var/spool/apt-listbugs/lastprefclean rw, + include if exists } include if exists diff --git a/apparmor.d/groups/cron/cron-debsums b/apparmor.d/groups/cron/cron-debsums index 33e785ee..5a7adf14 100644 --- a/apparmor.d/groups/cron/cron-debsums +++ b/apparmor.d/groups/cron/cron-debsums 
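Review bot: The `include if exists` line added at the end of the apt-key child profile (and the matching additions to child profiles throughout this commit) is parsed inside the child's braces, so the drop-in it names must contain bare rules with no `profile` header, and because the include is conditional a drop-in whose file name does not match the expected `local/` path is skipped without any parser warning. The include target is not visible on this page, so I cannot check that the naming convention for child-profile overrides is uniform across the touched files. A short README paragraph or a comment next to the first such include stating how the override file for a child profile is named would make the convention discoverable, and would help anyone auditing whether their local hardening drop-ins are actually being loaded.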
@@ -43,6 +43,7 @@ profile cron-debsums @{exec_path} { owner @{PROC}/@{pid}/fd/3 rw, + include if exists } include if exists diff --git a/apparmor.d/groups/cron/cron-popularity-contest b/apparmor.d/groups/cron/cron-popularity-contest index a1247a0b..dd50a749 100644 --- a/apparmor.d/groups/cron/cron-popularity-contest +++ b/apparmor.d/groups/cron/cron-popularity-contest @@ -152,7 +152,7 @@ profile cron-popularity-contest @{exec_path} { owner @{tmp}/#@{int} rw, # file_inherit - include if exists + include if exists } include if exists diff --git a/apparmor.d/groups/freedesktop/xdg-desktop-icon b/apparmor.d/groups/freedesktop/xdg-desktop-icon index 0d8512b5..ba699bdb 100644 --- a/apparmor.d/groups/freedesktop/xdg-desktop-icon +++ b/apparmor.d/groups/freedesktop/xdg-desktop-icon @@ -39,7 +39,7 @@ profile xdg-desktop-icon @{exec_path} { include include include - include if exists + include if exists } include if exists diff --git a/apparmor.d/groups/gnome/gdm-prime-defaut b/apparmor.d/groups/gnome/gdm-prime-defaut index b5b11160..189e166f 100644 --- a/apparmor.d/groups/gnome/gdm-prime-defaut +++ b/apparmor.d/groups/gnome/gdm-prime-defaut @@ -7,7 +7,7 @@ abi , include @{exec_path} = /etc/gdm{3,}/{Init,Prime}/Default -profile gdm-defaut @{exec_path} flags=(complain) { +profile gdm-prime-defaut @{exec_path} flags=(complain) { include @{exec_path} mr, diff --git a/apparmor.d/groups/network/openvpn b/apparmor.d/groups/network/openvpn index 3e6a1cb5..532c65f7 100644 --- a/apparmor.d/groups/network/openvpn +++ b/apparmor.d/groups/network/openvpn @@ -90,6 +90,7 @@ profile openvpn @{exec_path} flags=(attach_disconnected) { /etc/iproute2/rt_tables r, /etc/iproute2/rt_tables.d/ r, + include if exists } profile force-user-traffic-via-vpn { @@ -121,6 +122,7 @@ profile openvpn @{exec_path} flags=(attach_disconnected) { owner @{PROC}/sys/net/ipv{4,}/route/flush w, + include if exists } include if exists 
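Review bot: The rename of the profile header to gdm-prime-defaut is this file's only hunk, so the profile's closing conditional override include and any named transition in other profiles that still targets gdm-defaut are not updated here; if that include still names gdm-defaut it should be renamed in the same commit, as the whonix-firewalld hunks do. The profile body is outside the hunk, so this is inferred from the visible header and the unchanged `@{exec_path} = /etc/gdm{3,}/{Init,Prime}/Default` line only. Because the override include is `if exists`, an administrator's existing drop-in keyed on the old name would be ignored silently after the rename rather than producing an error, which is worth a changelog line.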
diff --git a/apparmor.d/groups/pacman/yay b/apparmor.d/groups/pacman/yay index 32ac11d7..c737d4ca 100644 --- a/apparmor.d/groups/pacman/yay +++ b/apparmor.d/groups/pacman/yay @@ -60,7 +60,7 @@ profile yay @{exec_path} { owner @{user_cache_dirs}/yay/** rwlk -> @{user_cache_dirs}/yay/**, owner @{user_config_dirs}/git/{,*} r, - include if exists + include if exists } profile editor { diff --git a/apparmor.d/groups/ssh/ssh-sk-helper b/apparmor.d/groups/ssh/ssh-sk-helper index defa9ac1..d913e2a2 100644 --- a/apparmor.d/groups/ssh/ssh-sk-helper +++ b/apparmor.d/groups/ssh/ssh-sk-helper @@ -2,6 +2,8 @@ # Copyright (C) 2024 valoq # SPDX-License-Identifier: GPL-2.0-only +abi , + include @{exec_path} = @{lib}/ssh/ssh-sk-helper diff --git a/apparmor.d/groups/systemd/journalctl b/apparmor.d/groups/systemd/journalctl index 6020f60f..3c559534 100644 --- a/apparmor.d/groups/systemd/journalctl +++ b/apparmor.d/groups/systemd/journalctl @@ -55,7 +55,7 @@ profile journalctl @{exec_path} flags=(attach_disconnected) { deny network inet stream, deny network inet6 stream, - include if exists + include if exists } # vim:syntax=apparmor diff --git a/apparmor.d/groups/systemd/systemd-resolved b/apparmor.d/groups/systemd/systemd-resolved index ff5a9813..9b6bfdd9 100644 --- a/apparmor.d/groups/systemd/systemd-resolved +++ b/apparmor.d/groups/systemd/systemd-resolved @@ -50,7 +50,7 @@ profile systemd-resolved @{exec_path} flags=(attach_disconnected) { @{PROC}/sys/kernel/hostname r, @{PROC}/sys/net/ipv{4,6}/conf/all/disable_ipv{4,6} r, - include if exists + include if exists } # vim:syntax=apparmor diff --git a/apparmor.d/groups/systemd/systemd-sleep-grub2 b/apparmor.d/groups/systemd/systemd-sleep-grub similarity index 100% rename from apparmor.d/groups/systemd/systemd-sleep-grub2 rename to apparmor.d/groups/systemd/systemd-sleep-grub diff --git a/apparmor.d/groups/ubuntu/subiquity-console-conf b/apparmor.d/groups/ubuntu/subiquity-console-conf index 1b04bd38..58323b8f 100644 
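Review bot: Declaring an `abi` for ssh-sk-helper pins the profile to a policy feature set, and rule classes that the parser left unmediated while the profile had no abi declaration (for example `userns` or `network`, depending on the pinned abi) become mediated and deny-by-default for this profile; the abi target is not visible on this page and the rules following the header are outside the hunk, so please confirm the profile carries explicit rules for every mediated class it needs before the change lands in enforce mode. The same applies to the identical header hunks in chpasswd and cupsd, murmurd and yadifad later in this diff; cupsd, murmurd and yadifad are network services, so a missing `network` rule there would surface as a denial at first connection rather than at parse time.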
--- a/apparmor.d/groups/ubuntu/subiquity-console-conf +++ b/apparmor.d/groups/ubuntu/subiquity-console-conf @@ -109,6 +109,7 @@ profile subiquity-console-conf @{exec_path} { /var/lib/dbus/machine-id r, /etc/machine-id r, + include if exists } include if exists diff --git a/apparmor.d/groups/ubuntu/ubuntu-advantage b/apparmor.d/groups/ubuntu/ubuntu-advantage index 92b9deef..abbde245 100644 --- a/apparmor.d/groups/ubuntu/ubuntu-advantage +++ b/apparmor.d/groups/ubuntu/ubuntu-advantage @@ -87,6 +87,7 @@ profile ubuntu-advantage @{exec_path} { /dev/kmsg w, + include if exists } include if exists diff --git a/apparmor.d/groups/ubuntu/update-motd-fsck-at-reboot b/apparmor.d/groups/ubuntu/update-motd-fsck-at-reboot index 7fb3a2b2..86ac61f4 100644 --- a/apparmor.d/groups/ubuntu/update-motd-fsck-at-reboot +++ b/apparmor.d/groups/ubuntu/update-motd-fsck-at-reboot @@ -45,6 +45,7 @@ profile update-motd-fsck-at-reboot @{exec_path} { /dev/tty@{int} rw, + include if exists } include if exists diff --git a/apparmor.d/groups/virt/libvirtd b/apparmor.d/groups/virt/libvirtd index f6519a61..e1aa55d5 100644 --- a/apparmor.d/groups/virt/libvirtd +++ b/apparmor.d/groups/virt/libvirtd @@ -290,6 +290,8 @@ profile libvirtd @{exec_path} flags=(attach_disconnected) { owner @{PROC}/@{pids}/status r, /dev/net/tun rw, + + include if exists } include if exists diff --git a/apparmor.d/groups/whonix/whonix-firewalld b/apparmor.d/groups/whonix/whonix-firewalld index f0f8f5d4..01e1cb41 100644 --- a/apparmor.d/groups/whonix/whonix-firewalld +++ b/apparmor.d/groups/whonix/whonix-firewalld @@ -7,7 +7,7 @@ abi , include @{exec_path} = @{bin}/whonix_firewall @{lib}/whonix-firewall/reloadfirewall -profile whonix-firewall @{exec_path} { +profile whonix-firewalld @{exec_path} { include include include @@ -45,7 +45,7 @@ profile whonix-firewall @{exec_path} { owner @{run}/updatesproxycheck/{,**} rw, owner @{run}/whonix_firewall/{,**} rw, - include if exists + include if exists } # vim:syntax=apparmor 
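Review bot: Renaming the profile from whonix-firewall to whonix-firewalld changes the name that named transitions (`Px -> whonix-firewall`) in other profiles and the administrator's `local/` drop-in must use, while `@{exec_path}` stays `@{bin}/whonix_firewall @{lib}/whonix-firewall/reloadfirewall`; the second hunk updates the profile's own conditional override include, but because that include is `if exists`, an existing drop-in under the old name stops being applied silently. Please grep the tree for transitions to the old name and add a changelog entry for the rename. The same check applies to the 100%-similarity rename of systemd-sleep-grub2 to systemd-sleep-grub, where the file moves but the `profile` header and override include inside it are not touched by this diff.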
diff --git a/apparmor.d/groups/xfce/xfce-panel b/apparmor.d/groups/xfce/xfce-panel index 3c91e789..7b192ffc 100644 --- a/apparmor.d/groups/xfce/xfce-panel +++ b/apparmor.d/groups/xfce/xfce-panel @@ -48,7 +48,7 @@ profile xfce-panel @{exec_path} { @{bin}/lsblk rPx, - include if exists + include if exists } include if exists diff --git a/apparmor.d/profiles-a-f/acpi-powerbtn b/apparmor.d/profiles-a-f/acpi-powerbtn index 2a87bdb8..c25d9452 100644 --- a/apparmor.d/profiles-a-f/acpi-powerbtn +++ b/apparmor.d/profiles-a-f/acpi-powerbtn @@ -43,6 +43,8 @@ profile acpi-powerbtn flags=(attach_disconnected) { /dev/tty rw, owner /dev/tty@{int} rw, + + include if exists } profile bus flags=(complain) { diff --git a/apparmor.d/profiles-a-f/adequate b/apparmor.d/profiles-a-f/adequate index 404a0984..6f2e1d5c 100644 --- a/apparmor.d/profiles-a-f/adequate +++ b/apparmor.d/profiles-a-f/adequate @@ -64,6 +64,7 @@ profile adequate @{exec_path} flags=(complain) { @{lib}/@{multiarch}/ld-*.so rix, @{lib}{,x}32/ld-*.so rix, + include if exists } profile frontend flags=(complain) { @@ -98,6 +99,7 @@ profile adequate @{exec_path} flags=(complain) { /etc/shadow r, + include if exists } profile pkg-config flags=(complain) { @@ -105,6 +107,7 @@ profile adequate @{exec_path} flags=(complain) { @{bin}/pkg-config mr, + include if exists } include if exists diff --git a/apparmor.d/profiles-a-f/anacron b/apparmor.d/profiles-a-f/anacron index 06c50aee..3e7c9d09 100644 --- a/apparmor.d/profiles-a-f/anacron +++ b/apparmor.d/profiles-a-f/anacron @@ -39,7 +39,7 @@ profile anacron @{exec_path} { owner @{tmp}/#@{int} rw, owner @{tmp}/file@{rand6} rw, - include if exists + include if exists } include if exists diff --git a/apparmor.d/profiles-a-f/archivemount b/apparmor.d/profiles-a-f/archivemount index 6489139d..64f25e18 100644 --- a/apparmor.d/profiles-a-f/archivemount +++ b/apparmor.d/profiles-a-f/archivemount 
@@ -29,7 +29,6 @@ profile archivemount @{exec_path} { /dev/fuse rw, - profile fusermount { include include @@ -52,6 +51,7 @@ profile archivemount @{exec_path} { @{PROC}/@{pid}/mounts r, + include if exists } include if exists diff --git a/apparmor.d/profiles-a-f/aspell-autobuildhash b/apparmor.d/profiles-a-f/aspell-autobuildhash index 9920fb2b..769f15cf 100644 --- a/apparmor.d/profiles-a-f/aspell-autobuildhash +++ b/apparmor.d/profiles-a-f/aspell-autobuildhash @@ -69,6 +69,7 @@ profile aspell-autobuildhash @{exec_path} flags=(complain) { owner @{PROC}/@{pid}/mounts r, @{HOME}/.Xauthority r, + include if exists } include if exists diff --git a/apparmor.d/profiles-a-f/changestool b/apparmor.d/profiles-a-f/changestool index 6ff8ed55..c7324304 100644 --- a/apparmor.d/profiles-a-f/changestool +++ b/apparmor.d/profiles-a-f/changestool @@ -33,6 +33,7 @@ profile changestool @{exec_path} { owner @{HOME}/@{XDG_GPG_DIR}/ r, owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**, + include if exists } include if exists diff --git a/apparmor.d/profiles-a-f/check-support-status b/apparmor.d/profiles-a-f/check-support-status index 1a1d4bfd..313fa6c5 100644 --- a/apparmor.d/profiles-a-f/check-support-status +++ b/apparmor.d/profiles-a-f/check-support-status @@ -65,7 +65,6 @@ profile check-support-status @{exec_path} { /usr/share/debian-security-support/ r, /usr/share/debian-security-support/* r, - profile debconf-escape { include include @@ -75,6 +74,7 @@ profile check-support-status @{exec_path} { owner @{tmp}/debian-security-support.postinst.*/output r, + include if exists } include if exists diff --git a/apparmor.d/profiles-a-f/check-support-status-hook b/apparmor.d/profiles-a-f/check-support-status-hook index b77bcfd6..5eb0eda0 100644 --- a/apparmor.d/profiles-a-f/check-support-status-hook +++ b/apparmor.d/profiles-a-f/check-support-status-hook 
@@ -58,6 +58,7 @@ profile check-support-status-hook @{exec_path} { /tmp/ r, owner @{tmp}/debian-security-support.postinst.*/output r, + include if exists } profile frontend { @@ -90,6 +91,7 @@ profile check-support-status-hook @{exec_path} { owner @{PROC}/@{pid}/mounts r, @{HOME}/.Xauthority r, + include if exists } profile runuser { @@ -124,6 +126,8 @@ profile check-support-status-hook @{exec_path} { /tmp/ r, owner @{tmp}/debian-security-support.postinst.*/output w, + + include if exists } include if exists diff --git a/apparmor.d/profiles-a-f/chpasswd b/apparmor.d/profiles-a-f/chpasswd index 1fd84f53..fb8438cc 100644 --- a/apparmor.d/profiles-a-f/chpasswd +++ b/apparmor.d/profiles-a-f/chpasswd @@ -2,6 +2,8 @@ # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +abi , + include @{exec_path} = @{bin}/chpasswd diff --git a/apparmor.d/profiles-a-f/claws-mail b/apparmor.d/profiles-a-f/claws-mail index 82387d04..7c5486c5 100644 --- a/apparmor.d/profiles-a-f/claws-mail +++ b/apparmor.d/profiles-a-f/claws-mail @@ -66,6 +66,7 @@ profile claws-mail @{exec_path} flags=(complain) { owner @{HOME}/@{XDG_GPG_DIR}/ rw, owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**, + include if exists } include if exists diff --git a/apparmor.d/profiles-a-f/conky b/apparmor.d/profiles-a-f/conky index 9116a116..3c059abc 100644 --- a/apparmor.d/profiles-a-f/conky +++ b/apparmor.d/profiles-a-f/conky @@ -200,6 +200,7 @@ profile conky @{exec_path} { deny @{PROC}/@{pid}/net/route r, deny @{sys}/devices/**/hwmon/**/temp*_input r, + include if exists } include if exists diff --git a/apparmor.d/profiles-a-f/cupsd b/apparmor.d/profiles-a-f/cupsd index 9511c749..ac998474 100644 --- a/apparmor.d/profiles-a-f/cupsd +++ b/apparmor.d/profiles-a-f/cupsd @@ -2,6 +2,8 @@ # Copyright (C) 2022-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +abi , + include @{exec_path} = @{bin}/cupsd 
diff --git a/apparmor.d/profiles-a-f/deluser b/apparmor.d/profiles-a-f/deluser index eac7429b..1f2e8657 100644 --- a/apparmor.d/profiles-a-f/deluser +++ b/apparmor.d/profiles-a-f/deluser @@ -48,6 +48,7 @@ profile deluser @{exec_path} { @{sys}/devices/virtual/block/**/name r, + include if exists } include if exists diff --git a/apparmor.d/profiles-a-f/dhclient-script b/apparmor.d/profiles-a-f/dhclient-script index 1552ee0e..b650498c 100644 --- a/apparmor.d/profiles-a-f/dhclient-script +++ b/apparmor.d/profiles-a-f/dhclient-script @@ -77,6 +77,7 @@ profile dhclient-script @{exec_path} { # file_inherit owner /var/lib/dhcp/dhclient.leases r, + include if exists } include if exists diff --git a/apparmor.d/profiles-a-f/dlocate b/apparmor.d/profiles-a-f/dlocate index ff042c32..9f78af63 100644 --- a/apparmor.d/profiles-a-f/dlocate +++ b/apparmor.d/profiles-a-f/dlocate @@ -49,7 +49,6 @@ profile dlocate @{exec_path} { / r, - profile md5sum { include @@ -59,6 +58,7 @@ profile dlocate @{exec_path} { /boot/** r, /usr/** r, + include if exists } include if exists diff --git a/apparmor.d/profiles-a-f/etckeeper b/apparmor.d/profiles-a-f/etckeeper index d42b07de..023d13b4 100644 --- a/apparmor.d/profiles-a-f/etckeeper +++ b/apparmor.d/profiles-a-f/etckeeper @@ -73,6 +73,7 @@ profile etckeeper @{exec_path} { owner @{PROC}/@{pid}/fd/ r, + include if exists } include if exists diff --git a/apparmor.d/profiles-a-f/execute-dput b/apparmor.d/profiles-a-f/execute-dput index 915213da..0decde05 100644 --- a/apparmor.d/profiles-a-f/execute-dput +++ b/apparmor.d/profiles-a-f/execute-dput @@ -46,6 +46,7 @@ profile execute-dput @{exec_path} flags=(complain) { owner @{HOME}/@{XDG_GPG_DIR}/ rw, owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**, + include if exists } include if exists diff --git a/apparmor.d/profiles-a-f/frontend b/apparmor.d/profiles-a-f/frontend index 51bfc361..ac8a6a5a 100644 --- a/apparmor.d/profiles-a-f/frontend +++ b/apparmor.d/profiles-a-f/frontend 
@@ -121,6 +121,7 @@ profile frontend @{exec_path} flags=(complain) { /tmp/ r, owner @{tmp}/** rw, + include if exists } include if exists diff --git a/apparmor.d/profiles-a-f/fuseiso b/apparmor.d/profiles-a-f/fuseiso index 330a8b07..ed2bcc93 100644 --- a/apparmor.d/profiles-a-f/fuseiso +++ b/apparmor.d/profiles-a-f/fuseiso @@ -58,6 +58,7 @@ profile fuseiso @{exec_path} { /dev/fuse rw, + include if exists } include if exists diff --git a/apparmor.d/profiles-a-f/fwupdmgr b/apparmor.d/profiles-a-f/fwupdmgr index 382822fa..1ec9fe65 100644 --- a/apparmor.d/profiles-a-f/fwupdmgr +++ b/apparmor.d/profiles-a-f/fwupdmgr @@ -54,7 +54,7 @@ profile fwupdmgr @{exec_path} flags=(attach_disconnected) { profile bus flags=(attach_disconnected) { include include - include if exists + include if exists } include if exists diff --git a/apparmor.d/profiles-g-l/gpartedbin b/apparmor.d/profiles-g-l/gpartedbin index e6f32d27..6cc77b9b 100644 --- a/apparmor.d/profiles-g-l/gpartedbin +++ b/apparmor.d/profiles-g-l/gpartedbin @@ -94,7 +94,7 @@ profile gpartedbin @{exec_path} { @{bin}/mount mr, - include if exists + include if exists } profile umount { diff --git a/apparmor.d/profiles-g-l/i3lock-fancy b/apparmor.d/profiles-g-l/i3lock-fancy index 242c43de..78c5081d 100644 --- a/apparmor.d/profiles-g-l/i3lock-fancy +++ b/apparmor.d/profiles-g-l/i3lock-fancy @@ -67,6 +67,7 @@ profile i3lock-fancy @{exec_path} { # file_inherit owner /dev/tty@{int} rw, + include if exists } include if exists diff --git a/apparmor.d/profiles-g-l/ifup b/apparmor.d/profiles-g-l/ifup index 7df4e5ea..c800267c 100644 --- a/apparmor.d/profiles-g-l/ifup +++ b/apparmor.d/profiles-g-l/ifup @@ -92,6 +92,7 @@ profile ifup @{exec_path} { /etc/network/if-up.d/openvpn rPUx, /etc/network/if-up.d/wpasupplicant rPUx, + include if exists } profile kmod { 
diff --git a/apparmor.d/profiles-g-l/imv-wayland b/apparmor.d/profiles-g-l/imv similarity index 94% rename from apparmor.d/profiles-g-l/imv-wayland rename to apparmor.d/profiles-g-l/imv index d8394593..f75e4c95 100644 --- a/apparmor.d/profiles-g-l/imv-wayland +++ b/apparmor.d/profiles-g-l/imv @@ -25,7 +25,7 @@ profile imv @{exec_path} { owner @{run}/user/@{uid}/imv-*.sock w, - include if exists + include if exists } # vim:syntax=apparmor diff --git a/apparmor.d/profiles-g-l/initd-kexec-load b/apparmor.d/profiles-g-l/initd-kexec-load index eb5b6ead..1b27d1a4 100644 --- a/apparmor.d/profiles-g-l/initd-kexec-load +++ b/apparmor.d/profiles-g-l/initd-kexec-load @@ -48,6 +48,7 @@ profile initd-kexec-load @{exec_path} { /etc/default/kexec.d/ r, + include if exists } profile systemctl { @@ -74,6 +75,7 @@ profile initd-kexec-load @{exec_path} { owner @{run}/systemd/ask-password/ rw, owner @{run}/systemd/ask-password-block/* rw, + include if exists } include if exists diff --git a/apparmor.d/profiles-g-l/jmtpfs b/apparmor.d/profiles-g-l/jmtpfs index 57ab39a7..eb51b123 100644 --- a/apparmor.d/profiles-g-l/jmtpfs +++ b/apparmor.d/profiles-g-l/jmtpfs @@ -58,6 +58,7 @@ profile jmtpfs @{exec_path} { @{PROC}/@{pid}/mounts r, + include if exists } include if exists diff --git a/apparmor.d/profiles-g-l/linux-check-removal b/apparmor.d/profiles-g-l/linux-check-removal index 9854fd55..a0c18403 100644 --- a/apparmor.d/profiles-g-l/linux-check-removal +++ b/apparmor.d/profiles-g-l/linux-check-removal @@ -46,6 +46,7 @@ profile linux-check-removal @{exec_path} flags=(complain) { owner /var/cache/debconf/{config,passwords,templates}.dat{,-new,-old} rwk, /usr/share/debconf/templates/adequate.templates r, + include if exists } include if exists diff --git a/apparmor.d/profiles-m-r/murmurd b/apparmor.d/profiles-m-r/murmurd index aca74e56..9d7663eb 100644 --- a/apparmor.d/profiles-m-r/murmurd +++ b/apparmor.d/profiles-m-r/murmurd 
@@ -2,6 +2,8 @@ # Copyright (C) 2023-2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +abi , + include @{exec_path} = @{bin}/murmurd diff --git a/apparmor.d/profiles-m-r/obexfs b/apparmor.d/profiles-m-r/obexfs index 07eb4a20..5a9d0dfb 100644 --- a/apparmor.d/profiles-m-r/obexfs +++ b/apparmor.d/profiles-m-r/obexfs @@ -48,6 +48,7 @@ profile obexfs @{exec_path} { @{PROC}/@{pid}/mounts r, + include if exists } include if exists diff --git a/apparmor.d/profiles-m-r/pam-auth-update b/apparmor.d/profiles-m-r/pam-auth-update index e9da3686..e2846f8e 100644 --- a/apparmor.d/profiles-m-r/pam-auth-update +++ b/apparmor.d/profiles-m-r/pam-auth-update @@ -60,6 +60,7 @@ profile pam-auth-update @{exec_path} flags=(complain) { /etc/shadow r, + include if exists } include if exists diff --git a/apparmor.d/profiles-m-r/reprepro b/apparmor.d/profiles-m-r/reprepro index 7710953b..866b7cbf 100644 --- a/apparmor.d/profiles-m-r/reprepro +++ b/apparmor.d/profiles-m-r/reprepro @@ -55,7 +55,6 @@ profile reprepro @{exec_path} { owner @{user_build_dirs}/pbuilder/result/*.deb r, owner @{user_build_dirs}/pbuilder/result/*.tar.* r, - profile gpg { include @@ -66,6 +65,7 @@ profile reprepro @{exec_path} { owner @{HOME}/@{XDG_GPG_DIR}/ rw, owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**, + include if exists } include if exists diff --git a/apparmor.d/profiles-m-r/run-parts b/apparmor.d/profiles-m-r/run-parts index 1347ca21..69e8c4d0 100644 --- a/apparmor.d/profiles-m-r/run-parts +++ b/apparmor.d/profiles-m-r/run-parts @@ -191,6 +191,8 @@ profile run-parts @{exec_path} { @{PROC}/@{pids}/mounts r, /dev/tty@{int} rw, + + include if exists } profile kernel { @@ -248,6 +250,7 @@ profile run-parts @{exec_path} { @{PROC}/devices r, @{PROC}/cmdline r, + include if exists } include if exists diff --git a/apparmor.d/profiles-s-z/sensors-detect b/apparmor.d/profiles-s-z/sensors-detect index ea81f659..b781ae1d 100644 --- a/apparmor.d/profiles-s-z/sensors-detect 
+++ b/apparmor.d/profiles-s-z/sensors-detect @@ -50,7 +50,7 @@ profile sensors-detect @{exec_path} { include include - include if exists + include if exists } profile systemctl { diff --git a/apparmor.d/profiles-s-z/tasksel b/apparmor.d/profiles-s-z/tasksel index 9073591f..bc2779d5 100644 --- a/apparmor.d/profiles-s-z/tasksel +++ b/apparmor.d/profiles-s-z/tasksel @@ -40,13 +40,13 @@ profile tasksel @{exec_path} flags=(complain) { owner @{tmp}/file* w, - profile tasksel-tests flags=(complain) { include @{lib}/tasksel/tests/* r, @{sh_path} rix, + include if exists } profile frontend flags=(complain) { @@ -76,6 +76,7 @@ profile tasksel @{exec_path} flags=(complain) { /etc/shadow r, + include if exists } include if exists diff --git a/apparmor.d/profiles-s-z/update-dlocatedb b/apparmor.d/profiles-s-z/update-dlocatedb index c0f3a9cb..c0e64f0f 100644 --- a/apparmor.d/profiles-s-z/update-dlocatedb +++ b/apparmor.d/profiles-s-z/update-dlocatedb @@ -58,6 +58,7 @@ profile update-dlocatedb @{exec_path} { @{bin}/gzip rix, /var/lib/dlocate/dlocatedb.gz rw, + include if exists } include if exists diff --git a/apparmor.d/profiles-s-z/update-pciids b/apparmor.d/profiles-s-z/update-pciids index 5f5b39ec..3d07f75d 100644 --- a/apparmor.d/profiles-s-z/update-pciids +++ b/apparmor.d/profiles-s-z/update-pciids @@ -62,6 +62,7 @@ profile update-pciids @{exec_path} { /usr/share/misc/pci.ids.new w, /usr/share/misc/pci.ids.gz.new w, + include if exists } include if exists diff --git a/apparmor.d/profiles-s-z/update-smart-drivedb b/apparmor.d/profiles-s-z/update-smart-drivedb index 2dcd3cc9..2ce61ceb 100644 --- a/apparmor.d/profiles-s-z/update-smart-drivedb +++ b/apparmor.d/profiles-s-z/update-smart-drivedb @@ -58,6 +58,7 @@ profile update-smart-drivedb @{exec_path} { owner /var/lib/smartmontools/drivedb/.gnupg.@{int}.tmp/ rw, owner /var/lib/smartmontools/drivedb/.gnupg.@{int}.tmp/** rwkl -> /var/lib/smartmontools/drivedb/.gnupg.@{int}.tmp/**, + include if exists } profile browse { 
@@ -88,6 +89,7 @@ profile update-smart-drivedb @{exec_path} { /var/lib/smartmontools/drivedb/drivedb.h.new{,.raw.asc} w, + include if exists } include if exists diff --git a/apparmor.d/profiles-s-z/uupdate b/apparmor.d/profiles-s-z/uupdate index 2d429135..8858a80f 100644 --- a/apparmor.d/profiles-s-z/uupdate +++ b/apparmor.d/profiles-s-z/uupdate @@ -50,7 +50,7 @@ profile uupdate @{exec_path} flags=(complain) { # For package building owner @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**, - include if exists + include if exists } # vim:syntax=apparmor diff --git a/apparmor.d/profiles-s-z/yadifad b/apparmor.d/profiles-s-z/yadifad index bb896bd8..15599fa7 100644 --- a/apparmor.d/profiles-s-z/yadifad +++ b/apparmor.d/profiles-s-z/yadifad @@ -2,6 +2,8 @@ # Copyright (C) 2024 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only +abi , + include @{exec_path} = @{bin}/yadifad diff --git a/apparmor.d/profiles-s-z/youtube-viewer b/apparmor.d/profiles-s-z/youtube-viewer index ac8e8f21..46b0c6c0 100644 --- a/apparmor.d/profiles-s-z/youtube-viewer +++ b/apparmor.d/profiles-s-z/youtube-viewer @@ -32,12 +32,6 @@ profile youtube-viewer @{exec_path} { @{bin}/wget rCx -> wget, - owner @{user_config_dirs}/youtube-viewer/{,*} rw, - owner @{user_cache_dirs}/youtube-viewer/{,*} rw, - owner @{HOME}/Downloads/youtube-viewer/{,*} rw, - - /etc/inputrc r, - # Players @{bin}/mpv rPUx, @{bin}/vlc rPUx, @@ -45,6 +39,11 @@ profile youtube-viewer @{exec_path} { @{bin}/ffmpeg rPUx, + /etc/inputrc r, + + owner @{user_config_dirs}/youtube-viewer/{,*} rw, + owner @{user_cache_dirs}/youtube-viewer/{,*} rw, + owner @{HOME}/Downloads/youtube-viewer/{,*} rw, profile wget { include @@ -62,6 +61,7 @@ profile youtube-viewer @{exec_path} { owner @{HOME}/.wget-hsts r, owner @{HOME}/wget-log{,.@{int}} rw, + include if exists } include if exists