diff --git a/apparmor.d/groups/gnome/goa-daemon b/apparmor.d/groups/gnome/goa-daemon
new file mode 100644
index 00000000..ea8b2229
--- /dev/null
+++ b/apparmor.d/groups/gnome/goa-daemon
@@ -0,0 +1,34 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2021 Alexandre Pujol
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+abi ,
+
+include
+
+@{exec_path} = /{usr/,}lib/goa-daemon
+profile goa-daemon @{exec_path} {
+ include
+ include
+ include
+ include
+ include
+
+ network inet stream,
+ network inet6 stream,
+ network inet dgram,
+ network inet6 dgram,
+ network netlink raw,
+
+ @{exec_path} mr,
+
+ /usr/share/glib-2.0/schemas/gschemas.compiled r,
+
+ owner @{user_config_dirs}/goa-1.0/accounts.conf r,
+
+ include
+ owner @{run}/user/[0-9]*/dconf/ rw,
+ owner @{run}/user/[0-9]*/dconf/user rw,
+
+ include if exists
+}
diff --git a/apparmor.d/groups/gnome/goa-identity-service b/apparmor.d/groups/gnome/goa-identity-service
new file mode 100644
index 00000000..edd1c533
--- /dev/null
+++ b/apparmor.d/groups/gnome/goa-identity-service
@@ -0,0 +1,20 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2021 Alexandre Pujol
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+abi ,
+
+include
+
+@{exec_path} = /{usr/,}lib/goa-identity-service
+profile goa-identity-service @{exec_path} {
+ include
+
+ @{exec_path} mr,
+
+ # Kerberos authentication
+ /etc/krb5.conf r,
+ deny /etc/krb5.conf w,
+
+ include if exists
+}
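Review bot: The five `network` rules in the goa-daemon profile carry no comment, and `network inet dgram`, `network inet6 dgram` and `network netlink raw` go beyond the TCP stream access an online-accounts daemon obviously needs. A short comment per group would let a later reviewer tell required access from leftovers of a log-derived profile, for example `# DNS resolution` above the dgram rules and `# network change monitoring` above the netlink rule, if that is indeed what they are for. Separately, `[0-9]*` in the two dconf rules matches a digit followed by any characters within that path component, not only a numeric UID. The `owner` qualifier limits the effect, but a stricter pattern, or a UID tunable if the project has one, would state the intent exactly.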
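Review bot: The `deny /etc/krb5.conf w,` rule in the goa-identity-service profile does not tighten confinement, since write access is already refused when no rule grants it. What an explicit `deny` adds is that the refusal is no longer logged, and that no later rule (for instance from the local include at the end of the profile) can grant the write. If the aim is to quieten a known, harmless open-for-write attempt, the comment should say so, e.g. `# Kerberos authentication; silence the attempt to open krb5.conf for writing`. If a write attempt on the system Kerberos configuration is worth seeing in the audit log, `audit deny /etc/krb5.conf w,` keeps both the block and the log entry.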