diff --git a/profiles/apparmor.d/abstractions/private-files b/profiles/apparmor.d/abstractions/private-files
index 390fd1b1e..44100a7cc 100644
--- a/profiles/apparmor.d/abstractions/private-files
+++ b/profiles/apparmor.d/abstractions/private-files
@@ -1,6 +1,6 @@
 # vim:syntax=apparmor
-# privacy-violations contains rules for common files that you want to explicity
-# deny access
+# privacy-violations contains rules for common files that you want to
+# explicitly deny access
 # privacy violations (don't audit files under $HOME otherwise get a
 # lot of false positives when reading contents of directories)
@@ -16,6 +16,7 @@
 audit deny @{HOME}/bin/** wl,
 audit deny @{HOME}/.config/autostart/** wl,
 audit deny @{HOME}/.kde/Autostart/** wl,
+ audit deny @{HOME}/.pki/nssdb/*.so{,.[0-9]*} wl,
 # don't allow reading/updating of run control files
 deny @{HOME}/.*rc mrk,
diff --git a/profiles/apparmor.d/abstractions/private-files-strict b/profiles/apparmor.d/abstractions/private-files-strict
index 1885c2f30..c813a8339 100644
--- a/profiles/apparmor.d/abstractions/private-files-strict
+++ b/profiles/apparmor.d/abstractions/private-files-strict
@@ -1,6 +1,6 @@
 # vim:syntax=apparmor
 # privacy-violations-strict contains additional rules for sensitive
-# files that you want to explicity deny access
+# files that you want to explicitly deny access
 #include
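Review bot: The added `audit deny @{HOME}/.pki/nssdb/*.so{,.[0-9]*} wl,` rule in the second hunk of private-files has no comment saying why shared objects in the NSS database directory belong with the autostart and `~/bin` denials, whereas the run-control rule just below it carries one. Presumably the concern is that NSS-based applications may load module libraries from that directory, so a line such as `# don't let confined apps create or replace loadable modules in the user's NSS db` above the rule would make the intent auditable. Also, `*` does not cross `/` in AppArmor globs, so this rule covers only files directly in `nssdb`, while the neighbouring rules use `/**`; if the narrower scope is deliberate, the comment should say so. The rule block begins outside the hunk, so an existing header comment may already cover part of this.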