diff --git a/apparmor.d/groups/virt/containerd-shim-runc-v2 b/apparmor.d/groups/virt/containerd-shim-runc-v2
index ae091c99..770e36d3 100644
--- a/apparmor.d/groups/virt/containerd-shim-runc-v2
+++ b/apparmor.d/groups/virt/containerd-shim-runc-v2
@@ -29,12 +29,10 @@ profile containerd-shim-runc-v2 @{exec_path} flags=(attach_disconnected) {
 /tmp/pty[0-9]*/ rw,
 /tmp/pty[0-9]*/pty.sock rw,
- @{run}/containerd/ rw,
- @{run}/containerd/containerd.sock.ttrpc rw,
- @{run}/containerd/io.containerd.grpc.v1.cri/containers/[0-9a-z]*/io/[0-9]*/[0-9a-z]*-stderr rw,
- @{run}/containerd/io.containerd.grpc.v1.cri/containers/[0-9a-z]*/io/[0-9]*/[0-9a-z]*-stdout rw,
- @{run}/containerd/io.containerd.runtime.v2.task/k8s.io/[0-9a-z]*/{,*} rw,
- @{run}/containerd/s/{,[0-9a-z]*} rw,
+ @{run}/containerd/{,containerd.sock.ttrpc} rw,
+ @{run}/containerd/io.containerd.grpc.v1.cri/containers/[0-9a-f]*/io/[0-9]*/[0-9a-f]*-{stdin,stdout,stderr} rw,
+ @{run}/containerd/io.containerd.runtime.v2.task/k8s.io/[0-9a-f]*/{,*} rw,
+ @{run}/containerd/s/{,[0-9a-f]*} rw,
 @{run}/docker/containerd/[0-9a-f]*/[0-9a-f]*-{stdin,stdout,stderr} rw,
 @{run}/docker/containerd/[0-9a-f]*/init-{stdin,stdout,stderr} rw,
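Review bot: In the added `@{run}/containerd/` rules, `[0-9a-f]*` narrows only the first character of each ID compared with the old `[0-9a-z]*`. In AppArmor globbing a bracket class matches exactly one character, and the following `*` matches any run of non-`/` characters, so the rules still accept names that are not hexadecimal after the first character. If the intent is to confine the shim to hex container and socket IDs, a pattern that constrains every character would express that; this assumes the IDs have a known length, which the hunk does not show. Otherwise a comment above the rules such as `# [0-9a-f]* pins only the first character; the rest of the name is matched by *` would keep a reader from assuming a stricter match. The merged rule also newly grants `rw` on the CRI `-stdin` path, which the removed lines did not cover; the profile body starts and ends outside the hunk.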