diff --git a/salt/profile/wikisearch/files/elasticsearch.apparmor b/salt/profile/wikisearch/files/elasticsearch.apparmor
index b7b5c73..ba60150 100644
--- a/salt/profile/wikisearch/files/elasticsearch.apparmor
+++ b/salt/profile/wikisearch/files/elasticsearch.apparmor
@@ -1,11 +1,10 @@
 # managed by salt - do not edit manually!
-# AppArmor profile for elasticsearch 1.7
-
+# AppArmor profile for elasticsearch 6.8
 # vim: ft=apparmor
 # ------------------------------------------------------------------
 #
-# Copyright (C) 2017 Christian Boltz
+# Copyright (C) 2017-2022 Christian Boltz
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of version 2 of the GNU General Public
@@ -15,101 +14,132 @@
 #include
-profile elasticsearch /usr/share/java/elasticsearch/bin/elasticsearch flags=(complain) {
+profile elasticsearch /usr/share/elasticsearch/bin/elasticsearch flags=(complain) {
 #include
- /bin/hostname Cx,
+ capability sys_ptrace,
+ /dev/tty rw,
- /usr/bin/dirname mrix,
- /usr/bin/getopt mrix,
- /usr/bin/uname mrix,
- /usr/bin/which mrix,
- /usr/lib*/jvm/java-*-openjdk-*/jre/bin/java rCx -> java,
- /usr/share/java/elasticsearch/bin/elasticsearch r,
- /usr/share/java/elasticsearch/bin/elasticsearch.in.sh r,
+ /etc/nsswitch.conf r,
+ /etc/passwd r,
+ /usr/bin/basename Cx -> helper,
+ /usr/bin/dirname Cx -> helper,
+ /usr/bin/grep Cx -> helper,
+ /usr/bin/which Cx -> helper,
+ /usr/lib64/jvm/java-11-openjdk-11/bin/java Cx -> java,
+ /usr/share/elasticsearch/ r,
+ /usr/share/elasticsearch/bin/elasticsearch r,
+ /usr/share/elasticsearch/bin/elasticsearch-env r,
- profile /bin/hostname flags=(complain) {
+ profile helper flags=(complain) {
 #include
- #include
- /bin/hostname mr,
+ /usr/bin/basename mr,
+ /usr/bin/dirname mr,
+ /usr/bin/grep mr,
+ /usr/bin/which mr,
 }
 profile java flags=(complain) {
 #include
- #include
- / r,
- /dev/ r,
- /dev/hugepages/ r,
- /dev/mqueue/ r,
- /dev/pts/ r,
+ ptrace read peer=elasticsearch//ldconfig,
+ /etc/elasticsearch/ r,
 /etc/elasticsearch/elasticsearch.yml r,
- /etc/elasticsearch/logging.yml r,
- /lib*/ r,
- /proc/ r,
- /proc/*/ r,
- /proc/*/fd/ r,
- /proc/*/maps r,
- /proc/*/mounts r,
- /proc/*/net/dev r,
+ /etc/elasticsearch/jvm.options r,
+ /etc/elasticsearch/log4j2.properties r,
+ /etc/elasticsearch/scripts/ r,
+ /etc/host.conf r,
+ /etc/hosts r,
+ /etc/nsswitch.conf r,
+ /etc/passwd r,
 /proc/*/net/if_inet6 r,
 /proc/*/net/ipv6_route r,
- /proc/*/net/snmp r,
 /proc/*/stat r,
- /proc/*/statm r,
- /proc/cpuinfo r,
 /proc/diskstats r,
 /proc/loadavg r,
- /proc/meminfo r,
- /proc/mtrr r,
- /proc/stat r,
- /proc/sys/fs/binfmt_misc/ r,
- /proc/uptime r,
- /proc/vmstat r,
- /run/ r,
- /run/elasticsearch/ r,
- /run/elasticsearch/elasticsearch.pid rw,
- /run/user/0/ r,
- /sys/ r,
- /sys/devices/system/cpu/ r,
- /sys/fs/cgroup/ r,
- /sys/fs/cgroup/blkio/ r,
- /sys/fs/cgroup/cpu,cpuacct/ r,
- /sys/fs/cgroup/cpuset/ r,
- /sys/fs/cgroup/devices/ r,
- /sys/fs/cgroup/freezer/ r,
- /sys/fs/cgroup/hugetlb/ r,
- /sys/fs/cgroup/memory/ r,
- /sys/fs/cgroup/net_cls,net_prio/ r,
- /sys/fs/cgroup/perf_event/ r,
- /sys/fs/cgroup/pids/ r,
- /sys/fs/cgroup/systemd/ r,
- /sys/fs/pstore/ r,
- /sys/kernel/debug/ r,
- /sys/kernel/security/ r,
- /tmp/ r,
+ /proc/sys/kernel/core_pattern r,
+ /proc/sys/kernel/pid_max r,
+ /proc/sys/kernel/threads-max r,
+ /proc/sys/net/core/somaxconn r,
+ /proc/sys/vm/max_map_count r,
+ /run/netconfig/resolv.conf r,
+ /sbin/ldconfig Px -> elasticsearch//ldconfig,
+ /sys/devices/system/cpu/offline r,
+ /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_period_us r,
+ /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us r,
+ /sys/fs/cgroup/cpu,cpuacct/cpu.shares r,
+ /sys/fs/cgroup/cpu,cpuacct/cpu.stat r,
+ /sys/fs/cgroup/cpu,cpuacct/cpuacct.usage r,
+ /sys/fs/cgroup/cpuset/cpuset.cpus r,
+ /sys/fs/cgroup/cpuset/cpuset.mems r,
+ /sys/fs/cgroup/memory/memory.limit_in_bytes r,
+ /sys/fs/cgroup/memory/memory.max_usage_in_bytes r,
+ /sys/fs/cgroup/memory/memory.soft_limit_in_bytes r,
+ /sys/fs/cgroup/memory/memory.stat r,
+ /sys/fs/cgroup/memory/memory.usage_in_bytes r,
+ /sys/fs/cgroup/memory/memory.use_hierarchy r,
+ /sys/kernel/mm/transparent_hugepage/defrag r,
+ /sys/kernel/mm/transparent_hugepage/enabled r,
+ /usr/lib64/jvm/java-11-openjdk-11/bin/java mr,
+ /usr/share/elasticsearch/ r,
+ /usr/share/elasticsearch/lib/ r,
+ /usr/share/elasticsearch/lib/*.jar r,
+ /usr/share/elasticsearch/modules/ r,
+ /usr/share/elasticsearch/modules/*/ r,
+ /usr/share/elasticsearch/modules/*/*.jar r,
+ /usr/share/elasticsearch/modules/*/*.policy r,
+ /usr/share/elasticsearch/modules/*/*.properties r,
+ /usr/share/elasticsearch/modules/percolator/*.jar r,
+ /usr/share/elasticsearch/plugins/ r,
+ /var/lib/ca-certificates/java-cacerts r,
+ owner /etc/elasticsearch/elasticsearch.keystore rw,
+ owner /etc/elasticsearch/elasticsearch.keystore.tmp rw,
+ owner /proc/*/ r,
+ owner /proc/*/cgroup r,
+ owner /proc/*/coredump_filter rw,
+ owner /proc/*/fd/ r,
+ owner /proc/*/mountinfo r,
+ owner /proc/*/mounts r,
+ owner /run/elasticsearch/elasticsearch.pid w,
+ owner /tmp/elasticsearch-*/ w,
+ owner /tmp/elasticsearch-*/*.tmp w,
+ owner /tmp/hs_err_pid*.log rw,
 owner /tmp/hsperfdata_elasticsearch/ rw,
 owner /tmp/hsperfdata_elasticsearch/* rw,
- owner /tmp/jna--*/ rw,
- owner /tmp/jna--*/*.tmp mrw,
- /usr/ r,
- /usr/lib*/ r,
- /usr/share/ r,
- /usr/share/java/ r,
- /usr/share/java/elasticsearch/ r,
- /usr/share/java/elasticsearch/** r,
- /usr/share/java/elasticsearch/lib/sigar/libsigar-amd64-linux.so mr,
- /var/ r,
- /var/lib/ r,
- owner /var/lib/elasticsearch/ r,
- owner /var/lib/elasticsearch/nodes/ rw,
- owner /var/lib/elasticsearch/nodes/** rwk,
- owner /var/log/elasticsearch/*.log rw,
- owner /var/log/elasticsearch/elasticsearch.log.20[12][0-9]-[01][0-9]-[0-3][0-9] rw,
+ owner /var/lib/elasticsearch/.cache/ w,
+ owner /var/lib/elasticsearch/.cache/JNA/ w,
+ owner /var/lib/elasticsearch/.cache/JNA/temp/ rw,
+ owner /var/lib/elasticsearch/.cache/JNA/temp/*.tmp mrw,
+ owner /var/lib/elasticsearch/nodes/ w,
+ owner /var/lib/elasticsearch/nodes/0/ w,
+ owner /var/lib/elasticsearch/nodes/0/.es_temp_file w,
+ owner /var/lib/elasticsearch/nodes/0/.es_temp_file.final w,
+ owner /var/lib/elasticsearch/nodes/0/.es_temp_file.tmp rw,
+ owner /var/lib/elasticsearch/nodes/0/_state/ rw,
+ owner /var/lib/elasticsearch/nodes/0/_state/global-[0-9].st rw,
+ owner /var/lib/elasticsearch/nodes/0/_state/global-[0-9].st.tmp rw,
+ owner /var/lib/elasticsearch/nodes/0/_state/node-[0-9].st rw,
+ owner /var/lib/elasticsearch/nodes/0/_state/node-[0-9].st.tmp rw,
+ owner /var/lib/elasticsearch/nodes/0/indices/ rw,
+ owner /var/lib/elasticsearch/nodes/0/indices/** rwk,
+ owner /var/lib/elasticsearch/nodes/0/node.lock wk,
+ owner /var/log/elasticsearch/elasticsearch.log rw,
+ owner /var/log/elasticsearch/elasticsearch_deprecation.log rw,
+ owner /var/log/elasticsearch/elasticsearch_index_indexing_slowlog.log rw,
+ owner /var/log/elasticsearch/elasticsearch_index_search_slowlog.log rw,
+ owner /var/log/elasticsearch/loggc rw,
+ owner /var/log/elasticsearch/loggc.*[0-9] w,
+
+ }
+
+ profile ldconfig flags=(complain) {
+ #include
+
+ /sbin/ldconfig mr,
 }
 }
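Review bot: `capability sys_ptrace,` is granted at the scope of the top-level elasticsearch profile, i.e. to the wrapper shell script, while the only ptrace use visible in the hunk is the `ptrace read peer=elasticsearch//ldconfig,` rule inside the java child, which does not appear to need the capability in the parent at all; if the capability was added from a complain-mode log entry it would be worth confirming which process triggered it and moving it to that child or dropping it, because every profile here carries `flags=(complain)` and an over-broad grant never shows up as a denial. On the same basis I do not see a `network` rule in the java child after its second `#include` was removed (the include targets are lost in this rendering, so this is inferred from the newly added explicit `/etc/hosts`, `/etc/nsswitch.conf` and `/run/netconfig/resolv.conf` reads); before these profiles are switched to enforce, the java child will need `network inet stream,` and `network inet6 stream,` or the nameservice abstraction restored, otherwise socket creation for the HTTP and transport listeners is denied. A minor tidy-up: `/usr/share/elasticsearch/modules/percolator/*.jar r,` is already covered by `/usr/share/elasticsearch/modules/*/*.jar r,` a few lines above and can be dropped.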