Just for the records: having AppArmor 2.8.x on SLE is not my fault ;-) - it was the decision of the SLE maintainers not to upgrade to 2.9 (which I proposed for SLE12, it would have solved quite some problems.) Also, I'm not the AppArmor maintainer for SLE (but help when needed). Also, I'm surprised that the profiles were replaced - AFAIK the files in /etc/apparmor.d/ are packaged as "noreplace". That said: Can you please check (rpm -qf) if / which package contains the mlmmj profiles? (The AppArmor package ships them in the "extras" directory [1] as inactive profiles, which means they are _not_ shipped in /etc/apparmor.d/.) [1] that's probably /etc/apparmor/profiles/extras/ on SLE, and /usr/share/apparmor/extra-profiles/ since AppArmor 2.9. Also, some questions about your changes: +/usr/bin/mlmmj-bounce { - /var/spool/mlmmj/*/subscribers.d rwl, # - /var/spool/mlmmj/*/subscribers.d/* rwl, + /var/spool/mlmmj/*/subscribers.d/ r, + /var/spool/mlmmj/*/subscribers.d/* r, I like reducing permissions, still - are you sure read-only is enough here? BTW: the queue and subconf directories also need a trailing slash (or can be removed from the profile if you don't find complaints about this in the audit.log ;-) +/usr/bin/mlmmj-sub { Another missing trailing slash for the "text" directory (or a superfluous rule ;-) After adjusting those details, please attach the full mlmmj profiles as tarball. Your diff doesn't cleanly apply to the upstream profiles (not too surprising, probably they changed in the meantime), so having the full files makes things easier for me ;-)