diff --git a/root/etc/xdg/autostart/apparmor-notify.desktop b/root/etc/xdg/autostart/apparmor-notify.desktop
new file mode 100644
index 00000000..36d6e71d
--- /dev/null
+++ b/root/etc/xdg/autostart/apparmor-notify.desktop
@@ -0,0 +1,8 @@
+[Desktop Entry]
+Type=Application
+Name=AppArmor Notify
+Comment=Receive on screen notifications of AppArmor denials
+TryExec=aa-notify
+Exec=aa-notify -p -s 1 -w 60 -f /var/log/audit/audit.log
+StartupNotify=false
+NoDisplay=true
diff --git a/root/usr/lib/sysusers.d/apparmor.d.conf b/root/usr/lib/sysusers.d/apparmor.d.conf
new file mode 100644
index 00000000..c5bd1271
--- /dev/null
+++ b/root/usr/lib/sysusers.d/apparmor.d.conf
@@ -0,0 +1,2 @@
+# Allow the user to read the apparmor log
+g audit -