diff --git a/apparmor.d/groups/virt/calico b/apparmor.d/groups/virt/calico
index ac46f619..313959fb 100644
--- a/apparmor.d/groups/virt/calico
+++ b/apparmor.d/groups/virt/calico
@@ -9,17 +9,18 @@ profile calico @{exec_path} flags=(complain) {
 network inet,
 network inet6,
- @{exec_path} rix,
+ @{exec_path} rm,
 @{exec_path}-ipam rix,
- @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,
- /var/lib/calico/{,**} r,
 /etc/cni/net.d/{,**} r,
-
+
+ /var/lib/calico/{,**} r,
 /var/log/calico/cni/ r,
 /var/log/calico/cni/cni.log rw,
 @{run}/calico/ipam.lock rwk,
+ @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,
+
 include if exists
 }
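Review bot: `@{exec_path} rm,` drops the `ix` transition, so the profile no longer allows calico to execute its own binary, while `@{exec_path}-ipam rix,` on the next line still allows it for the ipam helper, and nothing in the hunk records why the two are treated differently. Since the profile is declared with `flags=(complain)`, a self re-exec would only be logged rather than denied, so any breakage from this tightening would show up only after a switch to enforce mode; checking the audit log for exec events on `@{exec_path}` first would confirm the rule is sufficient. A one-line comment above the rule would help, for example `# mapped only: calico is not expected to re-exec itself; the ipam helper runs under this profile`, if that is the intent. The removed empty line after `/etc/cni/net.d/{,**} r,` is replaced by an added blank line, which suggests the new one contains trailing whitespace and should be truly empty. The profile body starts above the hunk, so rules outside it are not covered here.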