diff --git a/tests/regression/apparmor/mkprofile.pl b/tests/regression/apparmor/mkprofile.pl
index f21b7d06e..678acc256 100755
--- a/tests/regression/apparmor/mkprofile.pl
+++ b/tests/regression/apparmor/mkprofile.pl
@@ -16,6 +16,7 @@ my $nowarn = '';
 my $nodefault;
 my $noimage;
 my $escape = '';
+my $usestdin = '';
 my %output_rules;
 my $hat = "__no_hat";
 my %flags;
@@ -26,19 +27,22 @@ GetOptions(
   'help|h' => \$help,
   'nodefault|N' => \$nodefault,
   'noimage|I' => \$noimage,
+  'stdin' => \$usestdin,
 );
 
 sub usage {
   print STDERR "$__VERSION__\n";
   print STDERR "Usage $0 [--nowarn|--escape] execname [rules]\n";
   print STDERR "      $0 --help\n";
+  print STDERR "      $0 --stdin\n";
   print STDERR "  nowarn:      don't warn if execname does not exist\n";
   print STDERR "  nodefault:   don't include default rules/ldd output\n";
   print STDERR "  escape:      escape stuff that would be treated as regexs\n";
   print STDERR "  help:        print this message\n";
 }
 
-&usage && exit 0 if ($help || @ARGV < 1);
+# genprofile passes in $bin:w as default rule atm
+&usage && exit 0 if ($help || (!$usestdin && @ARGV < 1) || ($usestdin && @ARGV != 2));
 
 sub head ($) {
   my $file = shift;
@@ -214,34 +218,6 @@ sub gen_addimage($) {
   }
 }
 
-my $bin = shift @ARGV;
-!(-e $bin || $nowarn) && print STDERR "Warning: execname '$bin': no such file or directory\n";
-
-unless ($nodefault) {
-  gen_default_rules();
-  gen_binary($bin);
-}
-
-for my $rule (@ARGV) {
-  #($fn, @rules) = split (/:/, $rule);
-  if ($rule =~ /^(tcp|udp)/) {
-    # netdomain rules
-    gen_netdomain($rule);
-  } elsif ($rule =~ /^network:/) {
-    gen_network($rule);
-  } elsif ($rule =~ /^cap:/) {
-    gen_cap($rule);
-  } elsif ($rule =~ /^flag:/) {
-    gen_flag($rule);
-  } elsif ($rule =~ /^hat:/) {
-    gen_hat($rule);
-  } elsif ($rule =~ /^addimage:/) {
-    gen_addimage($rule);
-  } else {
-    gen_file($rule);
-  }
-}
-
 sub emit_flags($) {
   my $hat = shift;
 
@@ -255,26 +231,99 @@ sub emit_flags($) {
   }
 }
 
-print STDOUT "# Profile autogenerated by $__VERSION__\n";
-print STDOUT "$bin ";
-emit_flags('__no_hat');
-print STDOUT "{\n";
-foreach my $outrule (@{$output_rules{'__no_hat'}}) {
-  print STDOUT $outrule;
-}
-foreach my $hat (keys %output_rules) {
-  if (not $hat =~ /^__no_hat$/) {
-    print STDOUT "\n  ^$hat";
-    emit_flags($hat);
-    print STDOUT " {\n";
-    foreach my $outrule (@{$output_rules{$hat}}) {
-      print STDOUT "  $outrule";
+# generate profiles based on cmd line arguments
+sub gen_from_args() {
+  my $bin = shift @ARGV;
+  !(-e $bin || $nowarn) && print STDERR "Warning: execname '$bin': no such file or directory\n";
+
+  unless ($nodefault) {
+    gen_default_rules();
+    gen_binary($bin);
+  }
+
+  for my $rule (@ARGV) {
+    #($fn, @rules) = split (/:/, $rule);
+    if ($rule =~ /^(tcp|udp)/) {
+      # netdomain rules
+      gen_netdomain($rule);
+    } elsif ($rule =~ /^network:/) {
+      gen_network($rule);
+    } elsif ($rule =~ /^cap:/) {
+      gen_cap($rule);
+    } elsif ($rule =~ /^flag:/) {
+      gen_flag($rule);
+    } elsif ($rule =~ /^hat:/) {
+      gen_hat($rule);
+    } elsif ($rule =~ /^addimage:/) {
+      gen_addimage($rule);
+    } else {
+      gen_file($rule);
+    }
+  }
+
+  print STDOUT "# Profile autogenerated by $__VERSION__\n";
+  print STDOUT "$bin ";
+  emit_flags('__no_hat');
+  print STDOUT "{\n";
+  foreach my $outrule (@{$output_rules{'__no_hat'}}) {
+    print STDOUT $outrule;
+  }
+  foreach my $hat (keys %output_rules) {
+    if (not $hat =~ /^__no_hat$/) {
+      print STDOUT "\n  ^$hat";
+      emit_flags($hat);
+      print STDOUT " {\n";
+      foreach my $outrule (@{$output_rules{$hat}}) {
+        print STDOUT "  $outrule";
+      }
+      print STDOUT "  }\n";
+    }
+  }
+  #foreach my $hat keys
+  #foreach my $outrule (@output_rules) {
+  #  print STDOUT $outrule;
+  #}
+  print STDOUT "}\n";
+}
+
+#generate the profiles from stdin, interpreting and replacing the following sequences
+# @{gen_elf name} - generate rules for elf binaries
+# @{gen_bin name} - generate rules for a binary
+# @{gen_def} - generate default rules
+# @{gen name} - do @{gen_def} @{gen_bin name}
+
+sub emit_and_clear_rules() {
+  foreach my $outrule (@{$output_rules{'__no_hat'}}) {
+    print STDOUT $outrule;
+  }
+
+  undef %output_rules;
+}
+
+sub gen_from_stdin() {
+  while(<STDIN>) {
+    chomp;
+    if ($_ =~ m/@\{gen_def}/) {
+      gen_default_rules();
+      emit_and_clear_rules();
+    } elsif ($_ =~ m/@\{gen_bin\s+(.+)\}/) {
+      gen_binary($1);
+      emit_and_clear_rules();
+    } elsif ($_ =~ m/@\{gen_elf\s+(.+)\}/) {
+      gen_elf_binary($1);
+      emit_and_clear_rules();
+    } elsif ($_ =~ m/@\{gen\s+(.+)\}/) {
+      gen_default_rules();
+      gen_binary($1);
+      emit_and_clear_rules();
+    } else {
+      print STDOUT "$_\n" ;
     }
-    print STDOUT "  }\n";
   }
 }
-#foreach my $hat keys
-#foreach my $outrule (@output_rules) {
-#  print STDOUT $outrule;
-#}
-print STDOUT "}\n";
+
+if ($usestdin) {
+  gen_from_stdin();
+} else {
+  gen_from_args();
+}