diff --git a/apparmor.d/profiles-a-f/btop b/apparmor.d/profiles-a-f/btop
new file mode 100644
index 00000000..cd615a7d
--- /dev/null
+++ b/apparmor.d/profiles-a-f/btop
@@ -0,0 +1,49 @@
+# apparmor.d - Full set of apparmor profiles
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi ,
+
+include
+
+@{exec_path} = /{,usr/}{,local/}bin/btop
+profile btop @{exec_path} {
+ include
+ include
+
+ capability sys_ptrace,
+
+ network netlink raw,
+
+ signal (send),
+ ptrace (read),
+
+ @{exec_path} mr,
+
+ /etc/fstab r,
+ /etc/passwd r,
+
+ owner @{user_config_dirs}/btop/{,**} rw,
+
+ @{sys}/class/power_supply/ r,
+ @{sys}/class/hwmon/ r,
+ @{sys}/devices/system/cpu/cpufreq/policy[0-9]*/scaling_{cur,min,max}_freq r,
+ @{sys}/devices/virtual/thermal/thermal_zone[0-9]*/ r,
+ @{sys}/devices/virtual/thermal/thermal_zone[0-9]*/hwmon[0-9]*/{,*} r,
+ @{sys}/devices/platform/coretemp.[0-9]*/hwmon/hwmon[0-9]*/{,*} r,
+ @{sys}/devices/pci*/*/*/host[0-9]*/*/*/block/*/*/stat r,
+ @{sys}/devices/virtual/block/dm-[0-9]*/stat r,
+ @{sys}/devices/{pci*,virtual}/{,**/}net/*/statistics/{rx,tx}_bytes r,
+ @{sys}/devices/{pci*,virtual}/{,*/*/}net/*/address r,
+ @{sys}/devices/pci*/*/*/usb3/*/*/*/*/power_supply/hidpp_battery_[0-9]*/{,hwmon[0-9]*/} r,
+
+ @{PROC} r,
+ @{PROC}/loadavg r,
+ @{PROC}/uptime r,
+ @{PROC}/@{pid}/comm r,
+ @{PROC}/@{pid}/cmdline r,
+ @{PROC}/@{pid}/stat r,
+ @{PROC}/@{pid}/io r,
+ owner @{PROC}/@{pid}/mounts r,
+
+ include if exists
+}
diff --git a/apparmor.d/profiles-g-l/hostapd b/apparmor.d/profiles-g-l/hostapd
new file mode 100644
index 00000000..3e92b0a4
--- /dev/null
+++ b/apparmor.d/profiles-g-l/hostapd
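Review bot: `signal (send),` and `ptrace (read),` in the btop profile carry no `peer=` qualifier, so the rules apply to every domain on the system; for a process monitor that lets the user kill tasks and reads `@{PROC}/@{pid}/{cmdline,io}` of other users' processes (which is presumably why `capability sys_ptrace,` is granted as well) that looks intended, but nothing in the file records it, and a later cleanup could narrow the rules and silently break the kill feature. I'd add above the capability line `# btop signals user-selected processes and reads @{PROC}/@{pid}/io of other users' tasks`. Separately, every `abi ,` and bare `include` line on this page (here and in the other new profiles) shows no argument; presumably the `<…>` part was dropped when the diff was rendered, but if the committed files really are empty there the parser will reject them, so worth a glance at the raw commit.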
@@ -0,0 +1,27 @@
+# apparmor.d - Full set of apparmor profiles
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi ,
+
+include
+
+@{exec_path} = /{,usr/}{,s}bin/hostapd
+profile hostapd @{exec_path} {
+ include
+ include
+
+ capability net_admin,
+ capability net_raw,
+
+ @{exec_path} mr,
+
+ /dev/rfkill r,
+
+ /etc/hostapd.conf r,
+ /etc/hostapd/{,*} r,
+
+ @{run}/hostapd/{,**} rw,
+ @{run}/hostapd.pid rw,
+
+ include if exists
+}
diff --git a/apparmor.d/profiles-g-l/lsd b/apparmor.d/profiles-g-l/lsd
new file mode 100644
index 00000000..0c090603
--- /dev/null
+++ b/apparmor.d/profiles-g-l/lsd
@@ -0,0 +1,21 @@
+# vim:syntax=apparmor
+
+abi ,
+
+include
+
+@{exec_path} = /{,usr/}{,local/}bin/lsd
+profile lsd @{exec_path} {
+ include
+ include
+ include
+
+ capability dac_read_search,
+
+ @{exec_path} mr,
+
+ / r,
+ /**/ r,
+
+ include if exists
+}
diff --git a/apparmor.d/profiles-m-r/murmurd b/apparmor.d/profiles-m-r/murmurd
new file mode 100644
index 00000000..5e8b94ac
--- /dev/null
+++ b/apparmor.d/profiles-m-r/murmurd
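Review bot: The hostapd profile grants `capability net_admin,` and `capability net_raw,` but contains no `network` rule at all, whereas every other daemon profile in this commit lists its socket families explicitly. hostapd configures the interface over an nl80211 netlink socket and sends management frames through a packet socket, so unless one of the included abstractions (their arguments are not visible on this page) supplies them, enforce mode would presumably block the daemon at startup. I'd add `network netlink raw,` and `network packet raw,` right after the two capability lines, matching the style of the btop and yadifad profiles here.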
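Review bot: The lsd file opens with `# vim:syntax=apparmor` and is the only one of the ten new profiles without the project's `# apparmor.d - Full set of apparmor profiles` / `# SPDX-License-Identifier: GPL-2.0-only` header pair; for consistency (and a license marker on every file) it should use the same two lines. On the rules themselves, `capability dac_read_search,` lets lsd, when run as root, traverse and list directories regardless of their mode bits; for a directory lister that is presumably deliberate, but a one-line comment such as `# lsd run as root lists directories regardless of their permissions` would make the intent explicit and keep it from being mistaken for a leftover.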
@@ -0,0 +1,53 @@
+# apparmor.d - Full set of apparmor profiles
+# SPDX-License-Identifier: GPL-2.0-only
+
+include
+
+@{exec_path} = /{,usr/}{,s}bin/murmurd
+profile murmurd @{exec_path} {
+ include
+ include
+ include
+ include
+ include
+
+ capability chown,
+ capability setgid,
+ capability setuid,
+ capability dac_override,
+ capability sys_resource,
+
+ network inet stream,
+ network inet6 stream,
+ network inet dgram,
+ network inet6 dgram,
+
+ @{exec_path} mr,
+
+ /{,usr/}bin/lsb_release Px -> lsb_release,
+
+ dbus send bus=system path=/
+ interface=org.freedesktop.DBus.Peer
+ member=Ping
+ peer=(name=org.freedesktop.Avahi, label=avahi-daemon),
+
+ /etc/mumble-server.ini r,
+
+ owner /var/lib/mumble-server/{,**} rw,
+ owner /var/lib/mumble-server/*.sqlite rwk,
+
+ /var/log/mumble-server/*.log rw,
+
+ owner @{run}/mumble-server/*.pid rw,
+
+ # Silencer
+ deny / r,
+ deny /usr/{,local/}lib/ r,
+ deny /usr/lib32/ r,
+ deny /usr/lib64/ r,
+
+ # file_inherit
+ unix (send, receive) type=stream addr=none peer=(label=lsb_release),
+
+ include if exists
+}
diff --git a/apparmor.d/profiles-s-z/sslocal b/apparmor.d/profiles-s-z/sslocal
new file mode 100644
index 00000000..2ce04f3e
--- /dev/null
+++ b/apparmor.d/profiles-s-z/sslocal
@@ -0,0 +1,31 @@
+# apparmor.d - Full set of apparmor profiles
+# SPDX-License-Identifier: GPL-2.0-only
+
+# shadowsocks-rust only:
+# https://github.com/shadowsocks/shadowsocks-rust
+
+abi ,
+
+include
+
+@{exec_path} = /{,usr/}{,local/}bin/sslocal
+profile sslocal @{exec_path} {
+ include
+ include
+ include
+
+ @{exec_path} mr,
+
+ network inet stream,
+ network inet6 stream,
+ network inet dgram,
+ network inet6 dgram,
+
+ /etc/shadowsocks-rust/local/*/ss.json{,5} r,
+
+ owner @{user_config_dirs}/shadowsocks-rust/local/*/ss.json{,5} r,
+
+ owner @{PROC}/@{pid}/cgroup r,
+
+ include if exists
+}
diff --git a/apparmor.d/profiles-s-z/ssmanager b/apparmor.d/profiles-s-z/ssmanager
new file mode 100644
index 00000000..affdd3e8
--- /dev/null
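Review bot: The murmurd profile (and yadifad later in this commit) has no `abi` line between the SPDX header and the first `include`, while the other eight new profiles do; mixing ABI-declared and undeclared profiles in one policy set means the two daemons would be compiled under the parser's default ABI rather than the one the rest of the commit pins, so either add the same `abi` line here or note why it is omitted. Also, `capability dac_override,` is the broadest of the five capabilities granted and every file rule that would need it is already `owner`-scoped or world-readable; if it is only there for opening `/var/lib/mumble-server/` and the log before privileges are dropped, a comment such as `# dac_override: open state and log files before dropping to the mumble-server user` would let a later reviewer test whether it can go.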
+++ b/apparmor.d/profiles-s-z/ssmanager
@@ -0,0 +1,31 @@
+# apparmor.d - Full set of apparmor profiles
+# SPDX-License-Identifier: GPL-2.0-only
+
+# shadowsocks-rust only:
+# https://github.com/shadowsocks/shadowsocks-rust
+
+abi ,
+
+include
+
+@{exec_path} = /{,usr/}{,local/}bin/ssmanager
+profile ssmanager @{exec_path} {
+ include
+ include
+ include
+
+ network inet stream,
+ network inet6 stream,
+ network inet dgram,
+ network inet6 dgram,
+
+ @{exec_path} mr,
+
+ /etc/shadowsocks-rust/server/*/ss.json{,5} r,
+
+ owner @{user_config_dirs}/shadowsocks-rust/server/*/ss.json{,5} r,
+
+ owner @{PROC}/@{pid}/cgroup r,
+
+ include if exists
+}
diff --git a/apparmor.d/profiles-s-z/ssserver b/apparmor.d/profiles-s-z/ssserver
new file mode 100644
index 00000000..23086db2
--- /dev/null
+++ b/apparmor.d/profiles-s-z/ssserver
@@ -0,0 +1,30 @@
+# apparmor.d - Full set of apparmor profiles
+# SPDX-License-Identifier: GPL-2.0-only
+
+# shadowsocks-rust only:
+# https://github.com/shadowsocks/shadowsocks-rust
+
+abi ,
+
+include
+
+@{exec_path} = /{,usr/}{,local/}bin/ssserver
+profile ssserver @{exec_path} {
+ include
+ include
+
+ @{exec_path} mr,
+
+ network inet stream,
+ network inet6 stream,
+ network inet dgram,
+ network inet6 dgram,
+
+ /etc/shadowsocks-rust/server/*/ss.json{,5} r,
+
+ owner @{user_config_dirs}/shadowsocks-rust/server/*/ss.json{,5} r,
+
+ owner @{PROC}/@{pid}/cgroup r,
+
+ include if exists
+}
diff --git a/apparmor.d/profiles-s-z/ssservice b/apparmor.d/profiles-s-z/ssservice
new file mode 100644
index 00000000..5c63da5c
--- /dev/null
+++ b/apparmor.d/profiles-s-z/ssservice
@@ -0,0 +1,18 @@
+# apparmor.d - Full set of apparmor profiles
+# SPDX-License-Identifier: GPL-2.0-only
+
+# shadowsocks-rust only:
+# https://github.com/shadowsocks/shadowsocks-rust
+
+abi ,
+
+include
+
+@{exec_path} = /{,usr/}{,local/}bin/ssservice
+profile ssservice @{exec_path} {
+ include
+
+ @{exec_path} mr,
+
+ include if exists
+}
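Review bot: The ssservice profile grants nothing beyond `@{exec_path} mr,` and a single include, yet ssservice is the combined shadowsocks-rust binary that runs the local, server and manager modes its three sibling profiles in this commit (sslocal, ssserver, ssmanager) cover; in enforce mode it would presumably be denied every socket and config read those siblings allow, so either this is a placeholder that should say so in a comment or it should carry the union of their rules. If the latter, the body below mirrors the sibling rules using only paths already present in this commit, with the `{server,local}` alternation the ssurl profile uses.
```apparmor
profile ssservice @{exec_path} {
  # … unchanged: include …

  network inet stream,
  network inet6 stream,
  network inet dgram,
  network inet6 dgram,

  @{exec_path} mr,

  /etc/shadowsocks-rust/{server,local}/*/ss.json{,5} r,

  owner @{user_config_dirs}/shadowsocks-rust/{server,local}/*/ss.json{,5} r,

  owner @{PROC}/@{pid}/cgroup r,

  # … unchanged: include if exists, closing brace …
```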
diff --git a/apparmor.d/profiles-s-z/ssurl b/apparmor.d/profiles-s-z/ssurl
new file mode 100644
index 00000000..a0e1764b
--- /dev/null
+++ b/apparmor.d/profiles-s-z/ssurl
@@ -0,0 +1,26 @@
+# apparmor.d - Full set of apparmor profiles
+# SPDX-License-Identifier: GPL-2.0-only
+
+# shadowsocks-rust only:
+# https://github.com/shadowsocks/shadowsocks-rust
+
+abi ,
+
+include
+
+@{exec_path} = /{,usr/}{,local/}bin/ssurl
+profile ssurl @{exec_path} {
+ include
+ include
+
+ capability dac_read_search,
+ deny capability dac_override,
+
+ @{exec_path} mr,
+
+ /etc/shadowsocks-rust/{server,local}/*/ss.json{,5} r,
+
+ owner @{user_config_dirs}/shadowsocks-rust/{server,local}/*/ss.json{,5} r,
+
+ include if exists
+}
diff --git a/apparmor.d/profiles-s-z/yadifad b/apparmor.d/profiles-s-z/yadifad
new file mode 100644
index 00000000..a80a44f3
--- /dev/null
+++ b/apparmor.d/profiles-s-z/yadifad
@@ -0,0 +1,38 @@
+# apparmor.d - Full set of apparmor profiles
+# SPDX-License-Identifier: GPL-2.0-only
+
+include
+
+@{exec_path} = /{,usr/}{,s}bin/yadifad
+profile yadifad @{exec_path} {
+ include
+ include
+ include
+ include
+
+ capability dac_override,
+ capability chown,
+ capability setgid,
+ capability setuid,
+
+ network inet dgram,
+ network inet6 dgram,
+ network netlink raw,
+
+ @{exec_path} mr,
+
+ /etc/yadifa/yadifad.conf r,
+
+ /var/lib/yadifa/** r,
+ owner /var/lib/yadifa/ydf.?????? rw,
+ owner /var/lib/yadifa/keys/ydf.?????? rw,
+ owner /var/lib/yadifa/xfr/ydf.?????? rw,
+
+ /var/log/yadifa/*.log rw,
+ /var/log/yadifa/ydf.?????? rw,
+
+ owner @{run}/yadifa/yadifad.pid rwk,
+ owner @{run}/yadifa/ydf.?????? rw,
+
+ include if exists
+}
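Review bot: In the ssurl profile the pair `capability dac_read_search,` / `deny capability dac_override,` is undocumented; the explicit deny is presumably there to silence audit noise when a root-run ssurl probes for write access to a config that dac_read_search already lets it read, but nothing says so, and the file is otherwise comment-free apart from the header. A comment above the two lines, e.g. `# dac_read_search is enough to read the config; deny dac_override to silence the audit entry`, would record that and match the `# Silencer` convention used in the murmurd profile of this commit.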
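Review bot: The yadifad profile allows only `network inet dgram,` and `network inet6 dgram,` (plus netlink), i.e. UDP, while an authoritative DNS server also has to listen on TCP for truncated-response retries and zone transfers — the same transfers the `owner /var/lib/yadifa/xfr/ydf.?????? rw,` rule already anticipates. Unless an included abstraction (arguments not visible here) adds them, I'd expect enforce mode to reject the TCP listener, so add `network inet stream,` and `network inet6 stream,` beside the dgram rules. This profile also lacks the `abi` line the shadowsocks and btop profiles in the same commit carry, as noted on murmurd.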