diff --git a/apparmor.d/profiles-a-f/fractal b/apparmor.d/profiles-a-f/fractal
index 7f14df0e..6dfb8445 100644
--- a/apparmor.d/profiles-a-f/fractal
+++ b/apparmor.d/profiles-a-f/fractal
@@ -21,10 +21,14 @@ profile fractal @{exec_path} flags=(attach_disconnected) {
   network inet6 stream,
   network netlink raw,
 
+  signal send set=kill peer=fractal//bwrap,
+
   @{exec_path} mr,
 
   @{open_path}  rPx -> child-open-help,
+  @{bin}/bwrap  rCx -> bwrap,
 
+  /usr/share/glycin-loaders/{,**} r,
   /usr/share/xml/iso-codes/{,**} r,
 
   owner @{tmp}/.@{rand6} rw,
@@ -37,6 +41,22 @@ profile fractal @{exec_path} flags=(attach_disconnected) {
 
   /dev/ r,
 
+  profile bwrap flags=(attach_disconnected) {
+    include <abstractions/base>
+    include <abstractions/common/bwrap>
+
+    signal receive set=kill peer=fractal,
+
+    @{bin}/bwrap mr,
+    @{lib}/glycin-loaders/*/glycin-* rix,
+
+    owner @{PROC}/@{pid}/fd/ r,
+
+    deny @{user_share_dirs}/gvfs-metadata/* r,
+
+    include if exists <local/fractal_bwrap>
+  }
+
   include if exists <local/fractal>
 }