diff --git a/apparmor.d/groups/virt/containerd b/apparmor.d/groups/virt/containerd
index 1ae77b55..982098f3 100644
--- a/apparmor.d/groups/virt/containerd
+++ b/apparmor.d/groups/virt/containerd
@@ -57,6 +57,12 @@ profile containerd @{exec_path} {
   owner @{PROC}/@{pids}/uid_map r,
   owner @{PROC}/@{pids}/mountinfo r,
   @{PROC}/sys/net/core/somaxconn r,
+
+  # AppArmor within containers
+  @{sys}/kernel/security/apparmor/profiles r,
+  @{sys}/module/apparmor/parameters/enabled r,
+  /tmp/cri-containerd.apparmor.d[0-9]* rwl,
+  /usr/sbin/apparmor_parser Px,
 
   include if exists
 }
\ No newline at end of file
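Review bot: The new rule `/tmp/cri-containerd.apparmor.d[0-9]* rwl,` grants read, write and link on a glob under the world-writable /tmp with no `owner` qualifier, so the profile would also let containerd follow or overwrite a matching file created by a different local user, unlike the neighbouring `owner @{PROC}/...` rules that pin access to containerd's own files. The two sysfs reads and the `Px` transition to apparmor_parser are tightly scoped; the /tmp rule is the one that widens the surface. I would narrow it to `owner /tmp/cri-containerd.apparmor.d[0-9]* rw,` and only keep `l` if audit logs show the link permission being used, noting that in the comment (`# temp profile written by the CRI plugin, then loaded via apparmor_parser`). The enclosing `profile containerd` block begins before this hunk, and the `include if exists` context line appears to have lost its `<local/...>` target in this rendering, which is presumably a display artifact rather than part of the change.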