diff --git a/pkgs/os-specific/linux/apparmor/default.nix b/pkgs/os-specific/linux/apparmor/default.nix
index da8cfac3e07..c6c72cc4e52 100644
--- a/pkgs/os-specific/linux/apparmor/default.nix
+++ b/pkgs/os-specific/linux/apparmor/default.nix
@@ -20,8 +20,8 @@
 }:
 
 let
-  apparmor-series = "2.13";
-  apparmor-patchver = "5";
+  apparmor-series = "3.0";
+  apparmor-patchver = "0";
   apparmor-version = apparmor-series + "." + apparmor-patchver;
 
   apparmor-meta = component: with stdenv.lib; {
@@ -33,8 +33,8 @@ let
   };
 
   apparmor-sources = fetchurl {
-    url = "https://launchpad.net/apparmor/${apparmor-series}/${apparmor-version}/+download/apparmor-${apparmor-version}.tar.gz";
-    sha256 = "05x7r99k00r97v1cq2f711lv6yqzhbl8zp1i1c7kxra4v0a2lzk3";
+    url = "https://launchpad.net/apparmor/${apparmor-series}/${apparmor-series}/+download/apparmor-${apparmor-version}.tar.gz";
+    sha256 = "0pkm8f619c0ra8kpjmarzl9d409dn4sy0kl6mb92gd0ywlgpbzb6";
   };
 
   aa-teardown = writeShellScript "aa-teardown" ''
@@ -146,7 +146,7 @@ let
 
     postInstall = ''
       sed -i $out/bin/aa-unconfined -e "/my_env\['PATH'\]/d"
-      for prog in aa-audit aa-autodep aa-cleanprof aa-complain aa-disable aa-enforce aa-genprof aa-logprof aa-mergeprof aa-status aa-unconfined ; do
+      for prog in aa-audit aa-autodep aa-cleanprof aa-complain aa-disable aa-enforce aa-genprof aa-logprof aa-mergeprof aa-unconfined ; do
         wrapProgram $out/bin/$prog --prefix PYTHONPATH : "$out/lib/${python.libPrefix}/site-packages:$PYTHONPATH"
       done
 
@@ -156,8 +156,6 @@ let
       makeWrapper ${perl}/bin/perl $out/bin/aa-notify --set PERL5LIB ${libapparmor}/${perl.libPrefix} --add-flags $out/bin/aa-notify-wrapped
 
       substituteInPlace $out/bin/aa-remove-unknown \
-       --replace "/usr/bin/aa-status" "$out/bin/aa-status" \
-       --replace "/sbin/modprobe" "${kmod}/bin/modprobe" \
        --replace "/lib/apparmor/rc.apparmor.functions" "${apparmor-parser}/lib/apparmor/rc.apparmor.functions"
       wrapProgram $out/bin/aa-remove-unknown \
        --prefix PATH : ${lib.makeBinPath [gawk]}
@@ -190,7 +188,7 @@ let
     prePatch = prePatchCommon;
     postPatch = "cd ./binutils";
     makeFlags = [ "LANGS=" "USE_SYSTEM=1" ];
-    installFlags = [ "DESTDIR=$(out)" "BINDIR=$(out)/bin" ];
+    installFlags = [ "DESTDIR=$(out)" "BINDIR=$(out)/bin" "SBINDIR=$(out)/bin" ];
 
     inherit doCheck;
 
@@ -294,7 +292,8 @@ let
         # eg. glibc-2.30/lib/gconv/gconv-modules
         "r $path/lib/**"
       ]
-    }: rootPaths: runCommand "apparmor-closure-rules" {} ''
+    , name ? ""
+    }: rootPaths: runCommand "apparmor-closure-rules${optionalString (name != "") "-${name}"}" {} ''
     touch $out
     while read -r path
     do printf >>$out "%s,\n" ${lib.concatMapStringsSep " " (x: "\"${x}\"") (baseRules ++ additionalRules)}