diff --git a/apparmor.d/groups/apt/apt-overlay b/apparmor.d/groups/apt/apt-overlay
new file mode 100644
index 00000000..8dbdcf88
--- /dev/null
+++ b/apparmor.d/groups/apt/apt-overlay
@@ -0,0 +1,33 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2019-2021 Mikhail Morfikov
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}bin/apt-overlay
+profile apt-overlay @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/nameservice-strict>
+
+  @{exec_path} mr,
+  /{usr/,}bin/apt-get rPx,
+  /{usr/,}bin/ruby* mrix,
+
+  /{usr/,}sbin/apt-overlay r,
+
+  /{usr/,}lib/ruby/{,**} r,
+  /{usr/,}lib/locale/locale-archive r,
+  /{usr/,}lib/ruby/gems/3.0.0/specifications/default/*.gemspec rwk,
+
+  /usr/share/rubygems-integration/{,**} r,
+
+  / r,
+  /root/ r
+
+  owner @{PROC}/@{pids}/loginuid r,
+  owner @{PROC}/@{pids}/maps r,
+
+  include if exists <local/apt-overlay>
+}
diff --git a/apparmor.d/groups/apt/apt-systemd-daily b/apparmor.d/groups/apt/apt-systemd-daily
index bbe124b4..0d7c99b5 100644
--- a/apparmor.d/groups/apt/apt-systemd-daily
+++ b/apparmor.d/groups/apt/apt-systemd-daily
@@ -42,6 +42,7 @@ profile apt-systemd-daily @{exec_path} {
 
   /{usr/,}bin/apt-config         rPx,
   /{usr/,}bin/apt-get            rPx,
+  /{usr/,}bin/apt-overlay        rPx,
   /{usr/,}bin/unattended-upgrade rPx,
 
   /etc/default/locale    r,