diff --git a/systemd/full/system/ModemManager.service b/systemd/full/system/ModemManager.service
index 03d352890..2d1593f19 100644
--- a/systemd/full/system/ModemManager.service
+++ b/systemd/full/system/ModemManager.service
@@ -1,2 +1,2 @@
 [Service]
-NoNewPrivileges=no
\ No newline at end of file
+AppArmorProfile=&ModemManager
diff --git a/systemd/full/system/archlinux-keyring-wkd-sync.service b/systemd/full/system/archlinux-keyring-wkd-sync.service
index 03d352890..b88768556 100644
--- a/systemd/full/system/archlinux-keyring-wkd-sync.service
+++ b/systemd/full/system/archlinux-keyring-wkd-sync.service
@@ -1,2 +1,2 @@
 [Service]
-NoNewPrivileges=no
\ No newline at end of file
+AppArmorProfile=&archlinux-keyring-wkd-sync
diff --git a/systemd/full/system/dbus-org.freedesktop.hostname1.service b/systemd/full/system/dbus-org.freedesktop.hostname1.service
index 03d352890..6d078aea9 100644
--- a/systemd/full/system/dbus-org.freedesktop.hostname1.service
+++ b/systemd/full/system/dbus-org.freedesktop.hostname1.service
@@ -1,2 +1,2 @@
 [Service]
-NoNewPrivileges=no
\ No newline at end of file
+AppArmorProfile=&systemd-hostnamed
\ No newline at end of file
diff --git a/systemd/full/system/dbus-org.freedesktop.import1.service b/systemd/full/system/dbus-org.freedesktop.import1.service
index 03d352890..0ab519541 100644
--- a/systemd/full/system/dbus-org.freedesktop.import1.service
+++ b/systemd/full/system/dbus-org.freedesktop.import1.service
@@ -1,2 +1,2 @@
 [Service]
-NoNewPrivileges=no
\ No newline at end of file
+AppArmorProfile=&systemd-importd
\ No newline at end of file
diff --git a/systemd/full/system/dbus-org.freedesktop.locale1.service b/systemd/full/system/dbus-org.freedesktop.locale1.service
index 03d352890..276595080 100644
--- a/systemd/full/system/dbus-org.freedesktop.locale1.service
+++ b/systemd/full/system/dbus-org.freedesktop.locale1.service
@@ -1,2 +1,2 @@
 [Service]
-NoNewPrivileges=no
\ No newline at end of file
+AppArmorProfile=&systemd-localed
\ No newline at end of file
diff --git a/systemd/full/system/dbus-org.freedesktop.login1.service b/systemd/full/system/dbus-org.freedesktop.login1.service
index 03d352890..c5728915c 100644
--- a/systemd/full/system/dbus-org.freedesktop.login1.service
+++ b/systemd/full/system/dbus-org.freedesktop.login1.service
@@ -1,2 +1,2 @@
 [Service]
-NoNewPrivileges=no
\ No newline at end of file
+AppArmorProfile=&systemd-logind
\ No newline at end of file
diff --git a/systemd/full/system/dbus-org.freedesktop.machine1.service b/systemd/full/system/dbus-org.freedesktop.machine1.service
index 03d352890..315b1b230 100644
--- a/systemd/full/system/dbus-org.freedesktop.machine1.service
+++ b/systemd/full/system/dbus-org.freedesktop.machine1.service
@@ -1,2 +1,2 @@
 [Service]
-NoNewPrivileges=no
\ No newline at end of file
+AppArmorProfile=&systemd-machined
\ No newline at end of file
diff --git a/systemd/full/system/dbus-org.freedesktop.timedate1.service b/systemd/full/system/dbus-org.freedesktop.timedate1.service
index 03d352890..ab04c5a45 100644
--- a/systemd/full/system/dbus-org.freedesktop.timedate1.service
+++ b/systemd/full/system/dbus-org.freedesktop.timedate1.service
@@ -1,2 +1,2 @@
 [Service]
-NoNewPrivileges=no
\ No newline at end of file
+AppArmorProfile=&systemd-timedated
\ No newline at end of file
diff --git a/systemd/full/system/e2scrub@.service b/systemd/full/system/e2scrub@.service
index 03d352890..7340b7610 100644
--- a/systemd/full/system/e2scrub@.service
+++ b/systemd/full/system/e2scrub@.service
@@ -1,2 +1,2 @@
 [Service]
-NoNewPrivileges=no
\ No newline at end of file
+AppArmorProfile=&e2scrub
\ No newline at end of file
diff --git a/systemd/full/system/e2scrub_reap.service b/systemd/full/system/e2scrub_reap.service
index 03d352890..b903d2f0a 100644
--- a/systemd/full/system/e2scrub_reap.service
+++ b/systemd/full/system/e2scrub_reap.service
@@ -1,2 +1,2 @@
 [Service]
-NoNewPrivileges=no
\ No newline at end of file
+AppArmorProfile=&e2scrub_all
\ No newline at end of file
diff --git a/systemd/full/system/fprintd.service b/systemd/full/system/fprintd.service
index 03d352890..5f1f063fa 100644
--- a/systemd/full/system/fprintd.service
+++ b/systemd/full/system/fprintd.service
@@ -1,2 +1,2 @@
 [Service]
-NoNewPrivileges=no
\ No newline at end of file
+AppArmorProfile=&fprintd
\ No newline at end of file
diff --git a/systemd/full/system/fwupd-refresh.service b/systemd/full/system/fwupd-refresh.service
index fa215b3f0..acd28a5a4 100644
--- a/systemd/full/system/fwupd-refresh.service
+++ b/systemd/full/system/fwupd-refresh.service
@@ -1,4 +1,2 @@
 [Service]
-ProtectKernelModules=no
-RestrictRealtime=no
-ProtectKernelModules=no
+AppArmorProfile=&fwupdmgr
\ No newline at end of file
diff --git a/systemd/full/system/geoclue.service b/systemd/full/system/geoclue.service
index 4ba897659..2c10e32f5 100644
--- a/systemd/full/system/geoclue.service
+++ b/systemd/full/system/geoclue.service
@@ -1,6 +1,2 @@
 [Service]
-NoNewPrivileges=no
-MemoryDenyWriteExecute=no
-ProtectKernelTunables=no
-ProtectKernelModules=no
-RestrictRealtime=no
+AppArmorProfile=&geoclue
\ No newline at end of file
diff --git a/systemd/full/system/irqbalance.service b/systemd/full/system/irqbalance.service
index 03d352890..eab67fa44 100644
--- a/systemd/full/system/irqbalance.service
+++ b/systemd/full/system/irqbalance.service
@@ -1,2 +1,2 @@
 [Service]
-NoNewPrivileges=no
\ No newline at end of file
+AppArmorProfile=&irqbalance
\ No newline at end of file
diff --git a/systemd/full/system/nm-priv-helper.service b/systemd/full/system/nm-priv-helper.service
index 03d352890..53f99edd0 100644
--- a/systemd/full/system/nm-priv-helper.service
+++ b/systemd/full/system/nm-priv-helper.service
@@ -1,2 +1,2 @@
 [Service]
-NoNewPrivileges=no
\ No newline at end of file
+AppArmorProfile=&nm-priv-helper
diff --git a/systemd/full/system/polkit.service b/systemd/full/system/polkit.service
index 03d352890..b21a28baa 100644
--- a/systemd/full/system/polkit.service
+++ b/systemd/full/system/polkit.service
@@ -1,2 +1,2 @@
 [Service]
-NoNewPrivileges=no
\ No newline at end of file
+AppArmorProfile=&polkitd
diff --git a/systemd/full/system/rngd.service b/systemd/full/system/rngd.service
index 03d352890..c52a85d0c 100644
--- a/systemd/full/system/rngd.service
+++ b/systemd/full/system/rngd.service
@@ -1,2 +1,2 @@
 [Service]
-NoNewPrivileges=no
\ No newline at end of file
+AppArmorProfile=&rngd
diff --git a/systemd/full/system/systemd-homed.service b/systemd/full/system/systemd-homed.service
index 03d352890..65d4ae62e 100644
--- a/systemd/full/system/systemd-homed.service
+++ b/systemd/full/system/systemd-homed.service
@@ -1,2 +1,2 @@
 [Service]
-NoNewPrivileges=no
\ No newline at end of file
+AppArmorProfile=&systemd-homed
diff --git a/systemd/full/system/systemd-hostnamed.service b/systemd/full/system/systemd-hostnamed.service
index 03d352890..6d078aea9 100644
--- a/systemd/full/system/systemd-hostnamed.service
+++ b/systemd/full/system/systemd-hostnamed.service
@@ -1,2 +1,2 @@
 [Service]
-NoNewPrivileges=no
\ No newline at end of file
+AppArmorProfile=&systemd-hostnamed
\ No newline at end of file
diff --git a/systemd/full/system/systemd-journald.service b/systemd/full/system/systemd-journald.service
index 0316a67c8..48f5a0156 100644
--- a/systemd/full/system/systemd-journald.service
+++ b/systemd/full/system/systemd-journald.service
@@ -1,3 +1,2 @@
 [Service]
-NoNewPrivileges=no
-ProtectClock=no
\ No newline at end of file
+AppArmorProfile=&systemd-journald
\ No newline at end of file
diff --git a/systemd/full/system/systemd-journald@.service b/systemd/full/system/systemd-journald@.service
index 0316a67c8..48f5a0156 100644
--- a/systemd/full/system/systemd-journald@.service
+++ b/systemd/full/system/systemd-journald@.service
@@ -1,3 +1,2 @@
 [Service]
-NoNewPrivileges=no
-ProtectClock=no
\ No newline at end of file
+AppArmorProfile=&systemd-journald
\ No newline at end of file
diff --git a/systemd/full/system/systemd-localed.service b/systemd/full/system/systemd-localed.service
index 03d352890..276595080 100644
--- a/systemd/full/system/systemd-localed.service
+++ b/systemd/full/system/systemd-localed.service
@@ -1,2 +1,2 @@
 [Service]
-NoNewPrivileges=no
\ No newline at end of file
+AppArmorProfile=&systemd-localed
\ No newline at end of file
diff --git a/systemd/full/system/systemd-logind.service b/systemd/full/system/systemd-logind.service
index 0316a67c8..c5728915c 100644
--- a/systemd/full/system/systemd-logind.service
+++ b/systemd/full/system/systemd-logind.service
@@ -1,3 +1,2 @@
 [Service]
-NoNewPrivileges=no
-ProtectClock=no
\ No newline at end of file
+AppArmorProfile=&systemd-logind
\ No newline at end of file
diff --git a/systemd/full/system/systemd-machined.service b/systemd/full/system/systemd-machined.service
index 03d352890..315b1b230 100644
--- a/systemd/full/system/systemd-machined.service
+++ b/systemd/full/system/systemd-machined.service
@@ -1,2 +1,2 @@
 [Service]
-NoNewPrivileges=no
\ No newline at end of file
+AppArmorProfile=&systemd-machined
\ No newline at end of file
diff --git a/systemd/full/system/systemd-networkd.service b/systemd/full/system/systemd-networkd.service
index 03d352890..3f4b60849 100644
--- a/systemd/full/system/systemd-networkd.service
+++ b/systemd/full/system/systemd-networkd.service
@@ -1,2 +1,2 @@
 [Service]
-NoNewPrivileges=no
\ No newline at end of file
+AppArmorProfile=&systemd-networkd
diff --git a/systemd/full/system/systemd-resolved.service b/systemd/full/system/systemd-resolved.service
index 03d352890..fd36871e4 100644
--- a/systemd/full/system/systemd-resolved.service
+++ b/systemd/full/system/systemd-resolved.service
@@ -1,2 +1,2 @@
 [Service]
-NoNewPrivileges=no
\ No newline at end of file
+AppArmorProfile=&systemd-resolved
diff --git a/systemd/full/system/systemd-timedated.service b/systemd/full/system/systemd-timedated.service
index 03d352890..78dd0193d 100644
--- a/systemd/full/system/systemd-timedated.service
+++ b/systemd/full/system/systemd-timedated.service
@@ -1,2 +1,2 @@
 [Service]
-NoNewPrivileges=no
\ No newline at end of file
+AppArmorProfile=&systemd-timedated
diff --git a/systemd/full/system/systemd-userdbd.service b/systemd/full/system/systemd-userdbd.service
index 03d352890..d3771658d 100644
--- a/systemd/full/system/systemd-userdbd.service
+++ b/systemd/full/system/systemd-userdbd.service
@@ -1,2 +1,2 @@
 [Service]
-NoNewPrivileges=no
\ No newline at end of file
+AppArmorProfile=&systemd-userdbd
diff --git a/systemd/full/system/upower.service b/systemd/full/system/upower.service
index 03d352890..082e8f0fa 100644
--- a/systemd/full/system/upower.service
+++ b/systemd/full/system/upower.service
@@ -1,2 +1,2 @@
 [Service]
-NoNewPrivileges=no
\ No newline at end of file
+AppArmorProfile=&upowerd