diff --git a/apparmor.d/profiles-a-f/colordiff b/apparmor.d/profiles-a-f/colordiff
new file mode 100644
index 000000000..7766f671a
--- /dev/null
+++ b/apparmor.d/profiles-a-f/colordiff
@@ -0,0 +1,32 @@
+# vim:syntax=apparmor
+# apparmor.d - Full set of apparmor profiles
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{DIFF_PATHS_RO} = /etc @{HOME} /srv /tmp /var /usr/share /usr/lib/systemd
+
+@{exec_path} = /{,usr/}bin/colordiff
+profile colordiff @{exec_path} {
+  @{exec_path} r,
+  include <abstractions/base>
+  include <abstractions/private-files-strict>
+
+  @{DIFF_PATHS_RO}/** r,
+  @{MOUNTS}/**        r,
+
+  /{,usr/}bin/diff  rix,
+  /{,usr/}bin/perl  rix,
+
+  /etc/colordiffrc  r,
+
+  deny /var/log/{,**/}*.gz r,
+
+  # Extremely sensitive files
+  audit deny /etc/**.key             mrwkl,
+  audit deny /etc/ssh/ssh_host_*_key mrwkl,
+
+  include if exists <local/colordiff>
+}
diff --git a/apparmor.d/profiles-a-f/diff b/apparmor.d/profiles-a-f/diff
new file mode 100644
index 000000000..752cfb03b
--- /dev/null
+++ b/apparmor.d/profiles-a-f/diff
@@ -0,0 +1,27 @@
+# vim:syntax=apparmor
+# apparmor.d - Full set of apparmor profiles
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{DIFF_PATHS_RO} = /etc @{HOME} /srv /tmp /var /usr/share /usr/lib/systemd
+
+@{exec_path} = /{,usr/}bin/diff
+profile diff @{exec_path} {
+  @{exec_path} r,
+  include <abstractions/base>
+  include <abstractions/private-files-strict>
+
+  @{DIFF_PATHS_RO}/** r,
+  @{MOUNTS}/**        r,
+
+  deny /var/log/{,**/}*.gz r,
+
+  # Extremely sensitive files
+  audit deny /etc/**.key             mrwkl,
+  audit deny /etc/ssh/ssh_host_*_key mrwkl,
+
+  include if exists <local/diff>
+}