diff --git a/apparmor.d/groups/network/NetworkManager b/apparmor.d/groups/network/NetworkManager
index 1f881e3e..e5beed87 100644
--- a/apparmor.d/groups/network/NetworkManager
+++ b/apparmor.d/groups/network/NetworkManager
@@ -105,8 +105,8 @@ profile NetworkManager @{exec_path} flags=(attach_disconnected) {
 / r,
 /etc/ r,
 /etc/machine-id r,
- /etc/resolv.conf rw,
- /etc/resolv.conf.[0-9A-Z]* rw,
+ @{etc_rw}/resolv.conf rw,
+ @{etc_rw}/resolv.conf.[0-9A-Z]* rw,
 /etc/network/interfaces r,
 /etc/network/interfaces.d/{,*} r,
diff --git a/apparmor.d/groups/network/mullvad-daemon b/apparmor.d/groups/network/mullvad-daemon
index 0b94c533..6484e034 100644
--- a/apparmor.d/groups/network/mullvad-daemon
+++ b/apparmor.d/groups/network/mullvad-daemon
@@ -36,8 +36,8 @@ profile mullvad-daemon @{exec_path} flags=(attach_disconnected) {
 /etc/mullvad-vpn/{,*} r,
 /etc/mullvad-vpn/*.json rw,
- /etc/resolv.conf rw,
- /etc/resolv.conf.mullvadbackup rw,
+ @{etc_rw}/resolv.conf rw,
+ @{etc_rw}/resolv.conf.mullvadbackup rw,
 /var/cache/mullvad-vpn/{,*} rw,
 /var/log/mullvad-vpn/{,*} rw,
@@ -59,4 +59,4 @@ profile mullvad-daemon @{exec_path} flags=(attach_disconnected) {
 /dev/net/tun rw,
 include if exists
-}
\ No newline at end of file
+}
diff --git a/apparmor.d/groups/network/tailscaled b/apparmor.d/groups/network/tailscaled
index 3bdef0d6..91be1c1f 100644
--- a/apparmor.d/groups/network/tailscaled
+++ b/apparmor.d/groups/network/tailscaled
@@ -37,9 +37,9 @@ profile tailscaled @{exec_path} flags=(attach_disconnected) {
 /etc/iproute2/rt_tables r,
- /etc/resolv.*.conf rw,
- /etc/resolv.conf rw,
- /etc/resolv.conf.*.tmp rw,
+ @{etc_rw}/resolv.*.conf rw,
+ @{etc_rw}/resolv.conf rw,
+ @{etc_rw}/resolv.conf.*.tmp rw,
 owner @{run}/tailscale/{,**} rw,
 owner /var/cache/{,**} rw,
@@ -80,4 +80,4 @@ profile tailscaled @{exec_path} flags=(attach_disconnected) {
 }
 include if exists
-}
\ No newline at end of file
+}
diff --git a/apparmor.d/groups/systemd/systemd-timedated b/apparmor.d/groups/systemd/systemd-timedated
index ddd2c425..21911870 100644
--- a/apparmor.d/groups/systemd/systemd-timedated
+++ b/apparmor.d/groups/systemd/systemd-timedated
@@ -34,8 +34,8 @@ profile systemd-timedated @{exec_path} flags=(attach_disconnected) {
 /dev/rtc[0-9] r,
- /etc/.#adjtime* rw,
- /etc/adjtime rw,
+ @{etc_rw}/.#adjtime* rw,
+ @{etc_rw}/adjtime rw,
 /etc/.#localtime* rw,
 /etc/localtime rw,
diff --git a/apparmor.d/groups/systemd/systemd-timesyncd b/apparmor.d/groups/systemd/systemd-timesyncd
index 2f60b0ab..3b6ea99d 100644
--- a/apparmor.d/groups/systemd/systemd-timesyncd
+++ b/apparmor.d/groups/systemd/systemd-timesyncd
@@ -31,7 +31,7 @@ profile systemd-timesyncd @{exec_path} flags=(attach_disconnected) {
 @{exec_path} mr,
- /etc/adjtime r,
+ @{etc_rw}/adjtime r,
 /etc/systemd/timesyncd.conf r,
 /etc/systemd/timesyncd.conf.d/{,**} r,
diff --git a/apparmor.d/groups/virt/libvirtd b/apparmor.d/groups/virt/libvirtd
index 480b0d7c..52b178ec 100644
--- a/apparmor.d/groups/virt/libvirtd
+++ b/apparmor.d/groups/virt/libvirtd
@@ -132,8 +132,8 @@ profile libvirtd @{exec_path} flags=(attach_disconnected) {
 /usr/share/mime/mime.cache r,
 /usr/share/qemu/{,**} r,
- /etc/apparmor.d/libvirt/libvirt-@{uuid} r,
- /etc/libvirt/{,**} rw,
+ @{etc_rw}/apparmor.d/libvirt/libvirt-@{uuid} r,
+ @{etc_rw}/libvirt/{,**} rw,
 /etc/mdevctl.d/{,**} r,
 /etc/xml/catalog r,
@@ -243,7 +243,7 @@ profile libvirtd @{exec_path} flags=(attach_disconnected) {
 # Force the use of virt-aa-helper
 audit deny /{usr/,}{s,}bin/apparmor_parser rwxl,
- audit deny /etc/apparmor.d/libvirt/** wxl,
+ audit deny @{etc_rw}/apparmor.d/libvirt/** wxl,
 audit deny @{sys}/kernel/security/apparmor/features rwxl,
 audit deny @{sys}/kernel/security/apparmor/matching rwxl,
 audit deny @{sys}/kernel/security/apparmor/.* rwxl,
diff --git a/apparmor.d/groups/virt/virt-aa-helper b/apparmor.d/groups/virt/virt-aa-helper
index 43c8199f..ebf5ff34 100644
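Review bot: In the systemd-timedated hunk only the adjtime rules were moved to `@{etc_rw}`, while the neighbouring `/etc/.#localtime* rw,` and `/etc/localtime rw,` context lines, which grant write access to /etc in exactly the same way, stay on the literal `/etc/` prefix. The definition of `@{etc_rw}` is not in this diff, but if it is meant to follow writable /etc files on systems where it expands to something other than `/etc/`, the localtime writes will not follow it and will be denied there. The same mix appears in the virt-aa-helper hunk, where `/etc/apparmor.d/libvirt/* r,` stays on `/etc/` directly above the new `@{etc_rw}/apparmor.d/libvirt/libvirt-@{uuid} rw,` line, so the directory is readable through one prefix and writable through another. Either switch those lines too or add a comment such as `# localtime deliberately kept on /etc/: <reason>` so the next reader knows the split is intentional.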
--- a/apparmor.d/groups/virt/virt-aa-helper
+++ b/apparmor.d/groups/virt/virt-aa-helper
@@ -23,7 +23,7 @@ profile virt-aa-helper @{exec_path} {
 /{usr/,}{s,}bin/apparmor_parser rPx,
 /etc/apparmor.d/libvirt/* r,
- /etc/apparmor.d/libvirt/libvirt-@{uuid} rw,
+ @{etc_rw}/apparmor.d/libvirt/libvirt-@{uuid} rw,
 /etc/libnl{,-3}/classid r, # Allow reading libnl's classid file
diff --git a/apparmor.d/profiles-a-f/blkid b/apparmor.d/profiles-a-f/blkid
index 1d3735e8..10511182 100644
--- a/apparmor.d/profiles-a-f/blkid
+++ b/apparmor.d/profiles-a-f/blkid
@@ -23,8 +23,8 @@ profile blkid @{exec_path} {
 @{run}/blkid/blkid.tab{,-*} rw,
 @{run}/blkid/blkid.tab.old rwl -> @{run}/blkid/blkid.tab,
 # When the system doesn't have the /run/ dir, the cache file is placed under /etc/
- /etc/blkid.tab{,-*} rw,
- /etc/blkid.tab.old rwl -> /etc/blkid.tab,
+ @{etc_rw}/blkid.tab{,-*} rw,
+ @{etc_rw}/blkid.tab.old rwl -> /etc/blkid.tab,
 # For the EVALUATE=scan method
 @{PROC}/partitions r,
diff --git a/apparmor.d/profiles-a-f/dhclient-script b/apparmor.d/profiles-a-f/dhclient-script
index 2984b0e5..cac62f6c 100644
--- a/apparmor.d/profiles-a-f/dhclient-script
+++ b/apparmor.d/profiles-a-f/dhclient-script
@@ -50,9 +50,9 @@ profile dhclient-script @{exec_path} {
 /etc/fstab r,
 /etc/iproute2/rt_tables r,
 /etc/iproute2/rt_tables.d/{,*} r,
- /etc/resolv.conf rw,
- /etc/resolv.conf.dhclient-new.@{pid} rw,
- /etc/samba/dhcp.conf{,.new} rw,
+ @{etc_rw}/resolv.conf rw,
+ @{etc_rw}/resolv.conf.dhclient-new.@{pid} rw,
+ @{etc_rw}/samba/dhcp.conf{,.new} rw,
 /var/lib/dhcp/dhclient.leases r,
 /var/lib/samba/dhcp.conf{,.new} rw,
diff --git a/apparmor.d/profiles-g-l/lvm b/apparmor.d/profiles-g-l/lvm
index 1d5ccac2..8f386fae 100644
--- a/apparmor.d/profiles-g-l/lvm
+++ b/apparmor.d/profiles-g-l/lvm
@@ -19,7 +19,7 @@ profile lvm @{exec_path} {
 @{exec_path} rm,
- /etc/lvm/** r,
+ @{etc_rw}/lvm/** r,
 @{run}/lvm/** rwk,
 @{run}/lock/lvm/* rwk,
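Review bot: The link target on the new blkid line `@{etc_rw}/blkid.tab.old rwl -> /etc/blkid.tab,` still names the literal `/etc/blkid.tab` while the link side was switched to `@{etc_rw}`, so the two halves of the rule no longer describe the same file. A link rule only permits links whose target matches the pattern after `->`; as soon as `@{etc_rw}` expands to anything other than `/etc/` (its definition is outside this diff, so this cannot be confirmed here), the rotation of the cache file would be denied on that path. The target should follow the source: `@{etc_rw}/blkid.tab.old rwl -> @{etc_rw}/blkid.tab,`. The sibling `@{run}/blkid/blkid.tab.old rwl -> @{run}/blkid/blkid.tab,` context line two lines above already uses the same variable on both sides and is the pattern to mirror.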
diff --git a/apparmor.d/profiles-g-l/lvmconfig b/apparmor.d/profiles-g-l/lvmconfig
index 3172a457..6511c3de 100644
--- a/apparmor.d/profiles-g-l/lvmconfig
+++ b/apparmor.d/profiles-g-l/lvmconfig
@@ -13,8 +13,7 @@ profile lvmconfig @{exec_path} {
 @{exec_path} rm,
- /etc/lvm/** rw,
+ @{etc_rw}/lvm/** rw,
 include if exists
 }
-
diff --git a/apparmor.d/profiles-m-r/polipo b/apparmor.d/profiles-m-r/polipo
index e2d9a0c3..a4ab05b3 100644
--- a/apparmor.d/profiles-m-r/polipo
+++ b/apparmor.d/profiles-m-r/polipo
@@ -22,7 +22,7 @@ profile polipo @{exec_path} {
 owner @{HOME}/.polipo-cache/{,*} rw,
 # Nameservice
- /etc/resolv.conf r,
+ @{etc_rw}/resolv.conf r,
 include if exists
 }
diff --git a/apparmor.d/profiles-m-r/resolvconf b/apparmor.d/profiles-m-r/resolvconf
index d5b5fdb8..c2014727 100644
--- a/apparmor.d/profiles-m-r/resolvconf
+++ b/apparmor.d/profiles-m-r/resolvconf
@@ -26,7 +26,7 @@ profile resolvconf @{exec_path} {
 /usr/lib/resolvconf/{,**} r,
- /etc/resolv.conf rw,
+ @{etc_rw}/resolv.conf rw,
 /etc/resolvconf/{,**} r,
 /etc/resolvconf/update.d/libc rix,
@@ -36,4 +36,4 @@ profile resolvconf @{exec_path} {
 /dev/tty rw,
 include if exists
-}
\ No newline at end of file
+}