diff --git a/apparmor.changes b/apparmor.changes
index b399561..29646cf 100644
--- a/apparmor.changes
+++ b/apparmor.changes
@@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Wed Apr 13 13:38:29 UTC 2022 - Noel Power <nopower@suse.com>
+
+- Add samba-new-dcerpcd.patch, samba-4.16 has a new dcerpcd daemon
+  which now will spawn new additional services on demand. We need to
+  modify the existing smbd/winbind profiles and additionally add a
+  new set of profiles to cater for the new functionality;
+  (bnc#1198309);
+  
+-------------------------------------------------------------------
+Mon Apr 11 14:34:51 UTC 2022 - Noel Power <nopower@suse.com>
+
+- Add samba_deny_net_admin.patch to add new rule to deny
+  noisy setsockopt calls from systemd; (bnc#1196850).
+
 -------------------------------------------------------------------
 Sun Apr 10 13:08:56 UTC 2022 - Christian Boltz <suse-beta@cboltz.de>
 
diff --git a/apparmor.spec b/apparmor.spec
index d096337..75c91de 100644
--- a/apparmor.spec
+++ b/apparmor.spec
@@ -88,7 +88,13 @@ Patch8:         update-usr-sbin-smbd.diff
 
 # add zgrep and xzgrep profile (submitted upstream 2022-04-10 https://gitlab.com/apparmor/apparmor/-/merge_requests/870)
 Patch9:         zgrep-profile-mr870.diff
-
+# squash noisy setsockopt calls https://gitlab.com/apparmor/apparmor/-/merge_requests/867
+# bsc#1196850
+Patch10:        samba_deny_net_admin.patch
+# support for new dcerpcd subsytem in >= samba-4.16
+# https://gitlab.com/apparmor/apparmor/-/merge_requests/871
+# bsc#1198309
+Patch11:        samba-new-dcerpcd.patch
 PreReq:         sed
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %define apparmor_bin_prefix %{?usrmerged:/usr}/lib/apparmor
@@ -354,6 +360,8 @@ mv -v profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2 profiles/apparmor/
 %patch7 -p1
 %patch8 -p1
 %patch9 -p1
+%patch10 -p1
+%patch11 -p1
 
 %build
 %define _lto_cflags %{nil}
@@ -584,6 +592,9 @@ rm -fv %{buildroot}%{_libdir}/libapparmor.la
 %config(noreplace) %{_sysconfdir}/apparmor.d/nvidia_modprobe
 %config(noreplace) %{_sysconfdir}/apparmor.d/php-fpm
 %config(noreplace) %{_sysconfdir}/apparmor.d/samba-bgqd
+%config(noreplace) %{_sysconfdir}/apparmor.d/samba-dcerpcd
+%config(noreplace) %{_sysconfdir}/apparmor.d/samba-rpcd
+%config(noreplace) %{_sysconfdir}/apparmor.d/samba-rpcd-*
 %config(noreplace) %{_sysconfdir}/apparmor.d/zgrep
 %config(noreplace) %{_sysconfdir}/apparmor.d/local/*
 %dir /usr/share/apparmor/
diff --git a/samba-new-dcerpcd.patch b/samba-new-dcerpcd.patch
new file mode 100644
index 0000000..e2c165b
--- /dev/null
+++ b/samba-new-dcerpcd.patch
@@ -0,0 +1,173 @@
+Index: apparmor-3.0.4/profiles/apparmor.d/usr.sbin.smbd
+===================================================================
+--- apparmor-3.0.4.orig/profiles/apparmor.d/usr.sbin.smbd
++++ apparmor-3.0.4/profiles/apparmor.d/usr.sbin.smbd
+@@ -39,6 +39,7 @@ profile smbd /usr/{bin,sbin}/smbd {
+   /usr/lib*/samba/gensec/*.so mr,
+   /usr/lib*/samba/pdb/*.so mr,
+   /usr/lib*/samba/samba-bgqd Px -> samba-bgqd,
++  /usr/lib*/samba/samba-dcerpcd Px -> samba-dcerpcd,
+   /usr/lib*/samba/{lowcase,upcase,valid}.dat r,
+   /usr/lib/@{multiarch}/samba/*.so{,.[0-9]*} mr,
+   /usr/lib/@{multiarch}/samba/**/ r,
+Index: apparmor-3.0.4/profiles/apparmor.d/usr.sbin.winbindd
+===================================================================
+--- apparmor-3.0.4.orig/profiles/apparmor.d/usr.sbin.winbindd
++++ apparmor-3.0.4/profiles/apparmor.d/usr.sbin.winbindd
+@@ -26,6 +26,7 @@ profile winbindd /usr/{bin,sbin}/winbind
+   /usr/lib*/samba/idmap/*.so mr,
+   /usr/lib*/samba/nss_info/*.so mr,
+   /usr/lib*/samba/pdb/*.so mr,
++  /usr/lib*/samba/samba-dcerpcd Px -> samba-dcerpcd,
+   /usr/{bin,sbin}/winbindd mr,
+   /var/cache/krb5rcache/* rwk,
+   /var/cache/samba/*.tdb rwk,
+Index: apparmor-3.0.4/profiles/apparmor.d/samba-dcerpcd
+===================================================================
+--- /dev/null
++++ apparmor-3.0.4/profiles/apparmor.d/samba-dcerpcd
+@@ -0,0 +1,29 @@
++# ------------------------------------------------------------------
++#
++#    Copyright (C) 2022 SUSE LLC
++#
++#    This program is free software; you can redistribute it and/or
++#    modify it under the terms of version 2 of the GNU General Public
++#    License published by the Free Software Foundation.
++#
++# ------------------------------------------------------------------
++# vim:syntax=apparmor
++
++abi <abi/3.0>,
++
++include <tunables/global>
++
++profile samba-dcerpcd /usr/lib*/samba/samba-dcerpcd {
++  include <abstractions/samba-rpcd>
++
++  @{run}/samba/samba-dcerpcd.pid wk,
++
++  /usr/lib*/samba/rpcd_{mdssvc,epmapper,rpcecho,fsrvp,lsad,winreg} Px -> samba-rpcd,
++  /usr/lib*/samba/rpcd_classic Px -> samba-rpcd-classic,
++  /usr/lib*/samba/rpcd_spoolss Px -> samba-rpcd-spoolss,
++
++  @{run}/samba/ncalrpc/ rw,
++  @{run}/samba/ncalrpc/** rw,
++  # Site-specific additions and overrides. See local/README for details.
++  include if exists <local/samba-dcerpcd>
++}
+Index: apparmor-3.0.4/profiles/apparmor.d/abstractions/samba-rpcd
+===================================================================
+--- /dev/null
++++ apparmor-3.0.4/profiles/apparmor.d/abstractions/samba-rpcd
+@@ -0,0 +1,30 @@
++# ------------------------------------------------------------------
++#
++#    Copyright (C) 2022 SUSE LLC
++#
++#    This program is free software; you can redistribute it and/or
++#    modify it under the terms of version 2 of the GNU General Public
++#    License published by the Free Software Foundation.
++#
++# ------------------------------------------------------------------
++# vim:syntax=apparmor
++
++# This file contains basic permissions for samba rpcd_xyz services
++
++  abi <abi/3.0>,
++
++  include <abstractions/base>
++  include <abstractions/nameservice>
++  include <abstractions/samba>
++
++  capability setgid,
++  capability setuid,
++
++  signal receive set=term peer=smbd,
++
++  @{PROC}/sys/kernel/core_pattern r,
++  owner @{PROC}/@{pid}/fd/ r,
++
++  # Include additions to the abstraction
++  include if exists <abstractions/samba-rpcd.d>
++
+Index: apparmor-3.0.4/profiles/apparmor.d/samba-rpcd
+===================================================================
+--- /dev/null
++++ apparmor-3.0.4/profiles/apparmor.d/samba-rpcd
+@@ -0,0 +1,20 @@
++# ------------------------------------------------------------------
++#
++#    Copyright (C) 2022 SUSE LLC
++#
++#    This program is free software; you can redistribute it and/or
++#    modify it under the terms of version 2 of the GNU General Public
++#    License published by the Free Software Foundation.
++#
++# ------------------------------------------------------------------
++# vim:syntax=apparmor
++
++abi <abi/3.0>,
++
++include <tunables/global>
++
++profile samba-rpcd /usr/lib*/samba/rpcd_{mdssvc,epmapper,rpcecho,fsrvp,lsad,winreg} {
++  include <abstractions/samba-rpcd>
++  # Site-specific additions and overrides. See local/README for details.
++  include if exists <local/samba-rpcd>
++}
+Index: apparmor-3.0.4/profiles/apparmor.d/samba-rpcd-classic
+===================================================================
+--- /dev/null
++++ apparmor-3.0.4/profiles/apparmor.d/samba-rpcd-classic
+@@ -0,0 +1,22 @@
++# ------------------------------------------------------------------
++#
++#    Copyright (C) 2022 SUSE LLC
++#
++#    This program is free software; you can redistribute it and/or
++#    modify it under the terms of version 2 of the GNU General Public
++#    License published by the Free Software Foundation.
++#
++# ------------------------------------------------------------------
++# vim:syntax=apparmor
++
++abi <abi/3.0>,
++
++include <tunables/global>
++
++profile samba-rpcd-classic /usr/lib*/samba/rpcd_classic {
++  include <abstractions/samba-rpcd>
++  include <abstractions/wutmp>
++
++  # Site-specific additions and overrides. See local/README for details.
++  include if exists <local/samba-rpcd-classic>
++}
+Index: apparmor-3.0.4/profiles/apparmor.d/samba-rpcd-spoolss
+===================================================================
+--- /dev/null
++++ apparmor-3.0.4/profiles/apparmor.d/samba-rpcd-spoolss
+@@ -0,0 +1,23 @@
++# ------------------------------------------------------------------
++#
++#    Copyright (C) 2022 SUSE LLC
++#
++#    This program is free software; you can redistribute it and/or
++#    modify it under the terms of version 2 of the GNU General Public
++#    License published by the Free Software Foundation.
++#
++# ------------------------------------------------------------------
++# vim:syntax=apparmor
++
++abi <abi/3.0>,
++
++include <tunables/global>
++
++profile samba-rpcd-spoolss /usr/lib*/samba/rpcd_spoolss {
++  include <abstractions/samba-rpcd>
++
++  /usr/lib*/samba/samba-bgqd Px -> samba-bgqd,
++
++  # Site-specific additions and overrides. See local/README for details.
++  include if exists <local/samba-rpcd-spoolss>
++}
diff --git a/samba_deny_net_admin.patch b/samba_deny_net_admin.patch
new file mode 100644
index 0000000..7e430bd
--- /dev/null
+++ b/samba_deny_net_admin.patch
@@ -0,0 +1,12 @@
+Index: apparmor-3.0.4/profiles/apparmor.d/abstractions/samba
+===================================================================
+--- apparmor-3.0.4.orig/profiles/apparmor.d/abstractions/samba
++++ apparmor-3.0.4/profiles/apparmor.d/abstractions/samba
+@@ -34,5 +34,7 @@
+   # required for clustering
+   /var/lib/ctdb/** rwk,
+ 
++  deny capability net_admin, # noisy setsockopt() calls from systemd
++
+   # Include additions to the abstraction
+   include if exists <abstractions/samba.d>