diff --git a/apparmor.d/groups/virt/cni-loopback b/apparmor.d/groups/virt/cni-loopback
index 7e618fe6..da2cd4a0 100644
--- a/apparmor.d/groups/virt/cni-loopback
+++ b/apparmor.d/groups/virt/cni-loopback
@@ -11,6 +11,9 @@ profile cni-loopback @{exec_path} {
   include
   @{exec_path} mr,
+
+  @{run}/netns/ r,
+  @{run}/netns/cni-@{uuid} rw,
   @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,
diff --git a/apparmor.d/groups/virt/containerd b/apparmor.d/groups/virt/containerd
index a07de445..6c6746dd 100644
--- a/apparmor.d/groups/virt/containerd
+++ b/apparmor.d/groups/virt/containerd
@@ -26,8 +26,10 @@ profile containerd @{exec_path} flags=(attach_disconnected) {
   mount fstype=tmpfs options in (rw, nosuid, nodev, noexec) -> @{run}/containerd/io.containerd.grpc.v1.cri/sandboxes/[0-9a-f]*/shm/,
   mount fstype=zfs -> /var/lib/containerd/tmpmounts/containerd-mount[0-9]*/,
+  mount options in (rw, bind, nosuid, nodev, noexec) -> @{run}/netns/cni-@{uuid},
   umount /var/lib/containerd/tmpmounts/containerd-mount[0-9]*/,
+  umount @{run}/netns/cni-@{uuid},
   signal (receive) set=term peer=dockerd,
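Review bot: `@{run}/netns/cni-@{uuid} rw,` in the cni-loopback hunk grants write access to the namespace handle, yet a CNI plugin that only enters the namespace needs a read-only descriptor for setns(); write is the permission that would let the confined process replace or truncate the handle. If the audit events that motivated this rule show only read opens, tighten it to `@{run}/netns/cni-@{uuid} r,` and keep `rw` only if a write denial is actually observed. The `@{run}/netns/ r,` directory rule looks appropriate for path resolution. The cni-loopback profile body starts and ends outside this hunk.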
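Review bot: The new `mount options in (rw, bind, nosuid, nodev, noexec) -> @{run}/netns/cni-@{uuid},` rule in the containerd hunk names no source, so the profile permits any path to be bind-mounted over the CNI netns file, not just the network-namespace reference containerd actually uses. If the source is a `/proc` namespace link, as is presumably the case, pin it so that only that source is allowed, e.g. `mount options in (rw, bind, nosuid, nodev, noexec) @{PROC}/@{pid}/task/@{tid}/ns/net -> @{run}/netns/cni-@{uuid},` — confirm the exact source path against the audit log before committing to it. A bind mount needs the target file to exist first, so a file rule creating `@{run}/netns/cni-@{uuid}` must be present elsewhere in the profile; it is not visible in this hunk. The containerd profile body starts and ends outside this hunk.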