diff --git a/apparmor.d/profiles-g-l/ip b/apparmor.d/profiles-g-l/ip
index 1c870d94e..2797ae2ba 100644
--- a/apparmor.d/profiles-g-l/ip
+++ b/apparmor.d/profiles-g-l/ip
@@ -20,19 +20,20 @@ profile ip @{exec_path} flags=(attach_disconnected) {
 network netlink raw,
- mount options=(rw, bind, rshared) -> /{var/,}run/netns/,
- mount options=(rw, rslave) -> /,
- mount options=(rw, bind) / -> /{var/,}run/netns/*,
- mount options=(rw, bind) /etc/netns/firefox/resolv.conf -> /etc/resolv.conf,
- mount fstype=sysfs -> /sys/,
+ mount options=(rw, rshared) -> @{run}/netns/,
+ mount options=(rw, rslave) -> /,
+ mount options=(rw, bind) @{att}/ -> @{run}/netns/*,
+ mount options=(rw, bind) /etc/netns/*/resolv.conf -> /etc/resolv.conf,
+ mount fstype=sysfs -> /sys/,
 umount @{run}/netns/*,
 umount /sys/,
 @{exec_path} mrix,
- @{sh_path} rix,
+ @{shells_path} rUx,
+ @{bin}/sudo rPx,
- / r,
+ @{att}/ r,
 /etc/iproute2/{,**} r,
 /etc/netns/*/ r,
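Review bot: The new `@{shells_path} rUx,` rule lets every shell that ip executes leave confinement entirely, where the removed `@{sh_path} rix,` rule kept it inside this profile; `Ux` only scrubs the environment and applies no policy to the child. Presumably this is meant for `ip netns exec`, as the netns mount rules in the same hunk suggest, but nothing in the profile says so, and a reader cannot tell a deliberate exit from an oversight. I would add a comment above the rule such as `# ip netns exec <ns> <shell>: the shell runs unconfined by design`. If a confined shell is acceptable, transition to a profile instead, with `rPUx` or a child profile via `rCx`. The profile body starts above this hunk and continues below it.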