diff --git a/srcpkgs/apparmor-rules-upstream/template b/srcpkgs/apparmor-rules-upstream/template
new file mode 100644
index 00000000000000..c3fdb12818f348
--- /dev/null
+++ b/srcpkgs/apparmor-rules-upstream/template
@@ -0,0 +1,27 @@
+# Template file for 'apparmor-rules-upstream'
+pkgname=apparmor-rules-upstream
+version=2021.04.21
+revision=1
+_commit=92e27f5566eb5d6e0cd0c54c3bd4b656a3310dba
+wrksrc="apparmor-${_commit}"
+build_wrksrc="profiles"
+build_style=gnu-makefile
+conf_files="/etc/apparmor.d/local/*"
+hostmakedepends="which"
+short_desc="AppArmor upstream rules"
+maintainer="Paper <paper@tilde.institute>"
+license="LGPL-2.1-only"
+homepage="https://gitlab.com/apparmor/apparmor"
+changelog="https://gitlab.com/apparmor/apparmor/-/commits/master/profiles"
+distfiles="https://gitlab.com/apparmor/apparmor/-/archive/${_commit}/apparmor-${_commit}.tar.gz"
+checksum=2a3d7fd711ec01509027638b87584094e4f974ad7db2304adcc3494c7d11d06d
+make_check=no # circular dependency on apparmor_parser from the apparmor package
+
+post_patch() {
+	vsed -e 's|/usr/libexec/libvirt_leaseshelper m,|/usr/libexec/libvirt_leaseshelper mr,|' -i apparmor.d/usr.sbin.dnsmasq
+}
+
+pre_build() {
+	# apparmor-rules-void contains conflicting rules
+	rm -f apparmor.d/php-fpm apparmor/profiles/extra/sbin.dhcpcd
+}
diff --git a/srcpkgs/apparmor-rules-upstream/update b/srcpkgs/apparmor-rules-upstream/update
new file mode 100644
index 00000000000000..ec619829d3b4e7
--- /dev/null
+++ b/srcpkgs/apparmor-rules-upstream/update
@@ -0,0 +1,2 @@
+site=https://gitlab.com/apparmor/apparmor/-/commits/master/profiles/apparmor.d
+pattern='<li class="commits-row" data-day="\K.*(?=">)'
diff --git a/srcpkgs/apparmor/files/profiles/usr.bin.dhcpcd b/srcpkgs/apparmor-rules-void/files/profiles/usr.bin.dhcpcd
similarity index 100%
rename from srcpkgs/apparmor/files/profiles/usr.bin.dhcpcd
rename to srcpkgs/apparmor-rules-void/files/profiles/usr.bin.dhcpcd
diff --git a/srcpkgs/apparmor/files/profiles/usr.bin.nginx b/srcpkgs/apparmor-rules-void/files/profiles/usr.bin.nginx
similarity index 100%
rename from srcpkgs/apparmor/files/profiles/usr.bin.nginx
rename to srcpkgs/apparmor-rules-void/files/profiles/usr.bin.nginx
diff --git a/srcpkgs/apparmor/files/profiles/usr.bin.php-fpm b/srcpkgs/apparmor-rules-void/files/profiles/usr.bin.php-fpm
similarity index 100%
rename from srcpkgs/apparmor/files/profiles/usr.bin.php-fpm
rename to srcpkgs/apparmor-rules-void/files/profiles/usr.bin.php-fpm
diff --git a/srcpkgs/apparmor/files/profiles/usr.bin.pulseaudio b/srcpkgs/apparmor-rules-void/files/profiles/usr.bin.pulseaudio
similarity index 100%
rename from srcpkgs/apparmor/files/profiles/usr.bin.pulseaudio
rename to srcpkgs/apparmor-rules-void/files/profiles/usr.bin.pulseaudio
diff --git a/srcpkgs/apparmor/files/profiles/usr.bin.uuidd b/srcpkgs/apparmor-rules-void/files/profiles/usr.bin.uuidd
similarity index 100%
rename from srcpkgs/apparmor/files/profiles/usr.bin.uuidd
rename to srcpkgs/apparmor-rules-void/files/profiles/usr.bin.uuidd
diff --git a/srcpkgs/apparmor/files/profiles/usr.bin.wpa_supplicant b/srcpkgs/apparmor-rules-void/files/profiles/usr.bin.wpa_supplicant
similarity index 100%
rename from srcpkgs/apparmor/files/profiles/usr.bin.wpa_supplicant
rename to srcpkgs/apparmor-rules-void/files/profiles/usr.bin.wpa_supplicant
diff --git a/srcpkgs/apparmor-rules-void/template b/srcpkgs/apparmor-rules-void/template
new file mode 100644
index 00000000000000..8c9521b2b246e9
--- /dev/null
+++ b/srcpkgs/apparmor-rules-void/template
@@ -0,0 +1,14 @@
+# Template file for 'apparmor-rules-void'
+pkgname=apparmor-rules-void
+version=2021.05.17
+revision=1
+build_style=meta
+short_desc="AppArmor Void Linux rules"
+maintainer="Paper <paper@tilde.institute>"
+license="GPL-2.0-only"
+homepage="https://github.com/void-linux/void-packages/"
+
+do_install() {
+	vmkdir etc/apparmor.d
+	cp ${FILESDIR}/profiles/* ${DESTDIR}/etc/apparmor.d/
+}
diff --git a/srcpkgs/apparmor/patches/fix-dnsmasq-libvirt.patch b/srcpkgs/apparmor/patches/fix-dnsmasq-libvirt.patch
deleted file mode 100644
index 99ba9d3b5ab95e..00000000000000
--- a/srcpkgs/apparmor/patches/fix-dnsmasq-libvirt.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/profiles/apparmor.d/usr.sbin.dnsmasq b/profiles/apparmor.d/usr.sbin.dnsmasq
-index 7ae9a148..a32d24ca 100644
---- a/profiles/apparmor.d/usr.sbin.dnsmasq
-+++ b/profiles/apparmor.d/usr.sbin.dnsmasq
-@@ -113,7 +113,7 @@ profile dnsmasq /usr/{bin,sbin}/dnsmasq flags=(attach_disconnected) {
-     /etc/libnl-3/classid r,
- 
-     /usr/lib{,64}/libvirt/libvirt_leaseshelper m,
--    /usr/libexec/libvirt_leaseshelper m,
-+    /usr/libexec/libvirt_leaseshelper mr,
- 
-     owner @{PROC}/@{pid}/net/psched r,
-     owner @{PROC}/@{pid}/status r,
diff --git a/srcpkgs/apparmor/template b/srcpkgs/apparmor/template
index 0d8c1ec7087eba..45a39b8d97c61d 100644
--- a/srcpkgs/apparmor/template
+++ b/srcpkgs/apparmor/template
@@ -1,19 +1,20 @@
 # Template file for 'apparmor'
 pkgname=apparmor
 version=3.0.1
-revision=4
+revision=5
 wrksrc="${pkgname}-v${version}"
 build_wrksrc=libraries/libapparmor
 build_style=gnu-configure
-conf_files="/etc/apparmor.d/local/* /etc/apparmor/*"
+conf_files="/etc/apparmor/*"
 make_dirs="/etc/apparmor.d/disable 0755 root root"
 hostmakedepends="bison flex autoconf automake libtool gettext swig python3 which"
 makedepends="perl python3-devel"
-depends="runit-void-apparmor libapparmor-${version}_${revision} python3-notify2 python3-psutil"
+depends="runit-void-apparmor apparmor-rules-upstream apparmor-rules-void
+ libapparmor-${version}_${revision} python3-notify2 python3-psutil"
 checkdepends="dejagnu"
 short_desc="Mandatory access control to restrict programs"
 maintainer="Olivier Mauras <olivier@mauras.ch>"
-license="GPL-2.0-only, LGPL-2.1-only"
+license="GPL-2.0-only"
 homepage="https://gitlab.com/apparmor/apparmor"
 changelog="https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_${version}"
 distfiles="https://gitlab.com/apparmor/apparmor/-/archive/v${version}/apparmor-v${version}.tar.gz"
@@ -28,23 +29,15 @@ pre_configure() {
 	autoreconf -if
 }
 
-pre_build() {
-	# Replace release profiles with our own
-	cd ${wrksrc}
-	cp ${FILESDIR}/profiles/* profiles/apparmor.d/
-}
-
 post_build() {
-	cd ${wrksrc}
-
+	cd "${wrksrc}"
 	make ${makejobs} -C binutils
 	make ${makejobs} -C utils
 	make ${makejobs} -C parser
-	make ${makejobs} -C profiles
 }
 
 post_install() {
-	cd ${wrksrc}
+	cd "${wrksrc}"
 	commonflags="DESTDIR=\"${DESTDIR}\" SBINDIR=\"${DESTDIR}/usr/bin\" USR_SBINDIR=\"${DESTDIR}/usr/bin\""
 	make $commonflags install -C binutils
 	make $commonflags \
@@ -54,15 +47,11 @@ post_install() {
 	make $commonflags \
 		APPARMOR_BIN_PREFIX="${DESTDIR}/usr/lib/apparmor" \
 		install -C parser
-	make DESTDIR="${DESTDIR}" install -C profiles
 
 	# requires perl bindings not generated when cross-compiling
 	if [ "$CROSS_BUILD" ]; then
 		rm -f ${DESTDIR}/usr/bin/aa-notify
 	fi
-
-	# we installed a custom conflicting profile
-	rm ${DESTDIR}/etc/apparmor.d/{,local/}php-fpm
 }
 
 apparmor-vim_package() {
@@ -76,6 +65,7 @@ apparmor-vim_package() {
 
 libapparmor_package() {
 	short_desc+=" - Library"
+	license="LGPL-2.1-only"
 	pkg_install() {
 		vmove "usr/lib/libapparmor.so*"
 		if [ -z "$CROSS_BUILD" ]; then
@@ -89,6 +79,7 @@ libapparmor_package() {
 
 libapparmor-devel_package() {
 	short_desc+=" - Library development files"
+	license="LGPL-2.1-only"
 	depends="lib${sourcepkg}-${version}_${revision}"
 	pkg_install() {
 		vmove usr/include